1518 matches found
Dragonfly's directories created via os.MkdirAll are not checked for permissions
DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permission checks when a given directory path already exists. This allows a local attacker to create a directory to be used later by DragonFly2 with broa...
Unrestricted Upload of File with Dangerous Type
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ajax.Releases are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details...
Improper Handling of Case Sensitivity
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...
Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free
Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...
Server-Side Request Forgery (SSRF)
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
Improper Access Control
KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the isadmin value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are...
Denial of service via HTTP/2 HEADERS frames padding
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...
Observable Timing Discrepancy
A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is...
UNIX Symbolic Link (Symlink) Following
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting XSS code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the...
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...
Time-of-check Time-of-use (TOCTOU) Race Condition
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...
Denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...
Exposure of Sensitive Information to an Unauthorized Actor
KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user including admin. A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users...
Denial of Service via reachable assertion
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version 0.6.1, there is a possible prototype pollution issue for the MetadataRecord, when merged with a base class' metadata object, in meta decorator from the @aedart/support package. The...
Duplicate of ./go/github.com/KubeOperator/KubePi/CVE-2023-22479.yml
Summary A session fixation attack allows an attacker to hijack a legitimate user session. The attack investigates a flaw in how the online application handles the session ID, especially the susceptible web application. Affected Version = v1.6.3 For more information If you have any questions or...
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
Impact All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a...
Improper Input Validation
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...
Cross-site Scripting
XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. This...
Improper Access Control
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository acces...
Authentication Bypass by Spoofing
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Fix bypass to the following bugs - https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m - https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35 Allowing to inject directly in the app.ini via CRLF to change the value of testconfigcmd and startcmd...
Incorrect Regular Expression
Istio mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API...
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Impact @adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches The issue has been resolved in 4.3.2. Workarounds None References N/A...
Improper Authentication
Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Gogs, versions v0.6.5 through v0.12.10 is vulnerable to Stored Cross-Site Scripting XSS that leads to an account takeover...
NULL Pointer Dereference
The html package aka x/net/html before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
All versions of package com.alibaba.oneagent:one-java-agent-plugin is vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke th...
Improper Access Control
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's...
1Panel arbitrary file write vulnerability
There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing...
Uncontrolled Resource Consumption
A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the...
URL Redirection to Untrusted Site ('Open Redirect')
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known...
Use after free in Animation
The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. There is currently little other public information on the issue...
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external...
Vapor's incorrect request error handling triggers server crash
Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, triggering a precondition failure in swift-nio due to API misuse and causing immediate termination of the server process...
Mellium vulnerable to authentication failure or insufficient randomness used during authentication
An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting XSS vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to...
Dragonfly2 has hard coded cyptographic key
Hello dragonfly maintainer team, I would like to report a security issue concerning your JWT feature...
Hippo4j privilege escalation issue
An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module...
AList vulnerable to Improper Preservation of Permissions
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder even a password protected one...
fs2-io skips mTLS client verification
Impact When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file...
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a...
Incorrect Permission Assignment for Critical Resource
Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile function at /core/io/FileUtil.java...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-2126...
x/crypto/ssh vulnerable to panic via SSH server
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...