Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2025/09/17 12:0 a.m.•84 views

Dragonfly's directories created via os.MkdirAll are not checked for permissions

DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permission checks when a given directory path already exists. This allows a local attacker to create a directory to be used later by DragonFly2 with broa...

5.1CVSS6.7AI score0.00106EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/04/08 12:0 a.m.•83 views

Unrestricted Upload of File with Dangerous Type

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'...

7.5CVSS4.6AI score0.04844EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/12/22 12:0 a.m.•83 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ajax.Releases are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details...

8.7CVSS1.3AI score0.00824EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/08/30 12:0 a.m.•83 views

Improper Handling of Case Sensitivity

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...

8.3CVSS0.5AI score0.01176EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/10/19 12:0 a.m.•82 views

Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

5.3CVSS6.4AI score0.00449EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/09/20 12:0 a.m.•81 views

Server-Side Request Forgery (SSRF)

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...

7.5CVSS6.7AI score0.0078EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/07/21 12:0 a.m.•81 views

Improper Access Control

KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the isadmin value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are...

9.1CVSS6.7AI score0.00615EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/06/09 12:0 a.m.•81 views

Denial of service via HTTP/2 HEADERS frames padding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...

7.8CVSS6.7AI score0.01279EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/01/07 12:0 a.m.•81 views

Observable Timing Discrepancy

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is...

5.3CVSS5.7AI score0.00704EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/23 12:0 a.m.•81 views

UNIX Symbolic Link (Symlink) Following

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's...

4.3CVSS2AI score0.01074EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/03/14 12:0 a.m.•81 views

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting XSS code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the...

6.1CVSS5.9AI score0.0109EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/16 12:0 a.m.•81 views

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution...

9.8CVSS4.9AI score0.02117EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/02 12:0 a.m.•81 views

Time-of-check Time-of-use (TOCTOU) Race Condition

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...

6.3CVSS1.3AI score0.03679EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/08/30 12:0 a.m.•80 views

Denial of service through string value parsing

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...

6.5CVSS1.8AI score0.00874EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/07/21 12:0 a.m.•79 views

Exposure of Sensitive Information to an Unauthorized Actor

KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user including admin. A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users...

7.5CVSS6.9AI score0.00681EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/06/09 12:0 a.m.•79 views

Denial of Service via reachable assertion

A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...

7.5CVSS6.5AI score0.01131EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/04/28 12:0 a.m.•79 views

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version 0.6.1, there is a possible prototype pollution issue for the MetadataRecord, when merged with a base class' metadata object, in meta decorator from the @aedart/support package. The...

3.7CVSS6.6AI score0.00482EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/01/09 12:0 a.m.•79 views

Duplicate of ./go/github.com/KubeOperator/KubePi/CVE-2023-22479.yml

Summary A session fixation attack allows an attacker to hijack a legitimate user session. The attack investigates a flaw in how the online application handles the session ID, especially the susceptible web application. Affected Version = v1.6.3 For more information If you have any questions or...

7.5CVSS6.1AI score0.00403EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/06/21 12:0 a.m.•79 views

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params

Impact All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a...

8.3CVSS3.7AI score0.00894EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/07 12:0 a.m.•79 views

Improper Input Validation

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...

8.1CVSS1.8AI score0.011EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2019/06/05 12:0 a.m.•79 views

Cross-site Scripting

XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. This...

6.1CVSS2.5AI score0.01268EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/03/24 12:0 a.m.•78 views

Improper Access Control

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository acces...

7.7CVSS1.1AI score0.0086EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2021/04/27 12:0 a.m.•78 views

Authentication Bypass by Spoofing

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...

9.8CVSS1.7AI score0.74242EPSS
Exploits2References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/01/29 12:0 a.m.•77 views

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF

Fix bypass to the following bugs - https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m - https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35 Allowing to inject directly in the app.ini via CRLF to change the value of testconfigcmd and startcmd...

8.8CVSS7.1AI score0.01054EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2019/08/13 12:0 a.m.•77 views

Incorrect Regular Expression

Istio mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API...

7.5CVSS1.2AI score0.02275EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/12/14 12:0 a.m.•76 views

@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity

Impact @adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches The issue has been resolved in 4.3.2. Workarounds None References N/A...

7.5CVSS6.7AI score0.01121EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/08/16 12:0 a.m.•76 views

Improper Authentication

Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2...

9.8CVSS2.6AI score0.01278EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2018/10/17 12:0 a.m.•76 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

7.5CVSS6.3AI score0.02674EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2018/10/17 12:0 a.m.•76 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

7.5CVSS6.3AI score0.02674EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/10/11 12:0 a.m.•75 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

In Gogs, versions v0.6.5 through v0.12.10 is vulnerable to Stored Cross-Site Scripting XSS that leads to an account takeover...

9CVSS3AI score0.58021EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/13 12:0 a.m.•75 views

NULL Pointer Dereference

The html package aka x/net/html before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit...

7.5CVSS1.2AI score0.02774EPSS
Exploits1References12Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/03 12:0 a.m.•75 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

All versions of package com.alibaba.oneagent:one-java-agent-plugin is vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke th...

9.8CVSS6.5AI score0.03556EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/03/24 12:0 a.m.•75 views

Improper Access Control

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's...

6.8CVSS1.4AI score0.00923EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/05/09 12:0 a.m.•74 views

1Panel arbitrary file write vulnerability

There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing...

7.5CVSS7AI score0.01329EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/12/16 12:0 a.m.•74 views

Uncontrolled Resource Consumption

A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5CVSS2.6AI score0.00897EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/03/24 12:0 a.m.•74 views

URL Redirection to Untrusted Site ('Open Redirect')

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known...

6.1CVSS3.8AI score0.00923EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/22 12:0 a.m.•74 views

Use after free in Animation

The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. There is currently little other public information on the issue...

8.8CVSS2.5AI score0.23546EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/09/06 12:0 a.m.•73 views

XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external...

8.6CVSS8.4AI score0.00975EPSS
Exploits0References7
GitLab Advisory Database
GitLab Advisory Database
•added 2023/10/05 12:0 a.m.•73 views

Vapor's incorrect request error handling triggers server crash

Vapor incorrectly handles errors encountered during parsing of HTTP 1.x requests, triggering a precondition failure in swift-nio due to API misuse and causing immediate termination of the server process...

5.3CVSS6.7AI score0.00597EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/12/31 12:0 a.m.•73 views

Mellium vulnerable to authentication failure or insufficient randomness used during authentication

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

2.6AI score0.00883EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/05/14 12:0 a.m.•73 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting XSS vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to...

6.1CVSS6.8AI score0.01262EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/09/19 12:0 a.m.•72 views

Dragonfly2 has hard coded cyptographic key

Hello dragonfly maintainer team, I would like to report a security issue concerning your JWT feature...

9.8CVSS6.8AI score0.33618EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/03/23 12:0 a.m.•72 views

Hippo4j privilege escalation issue

An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module...

8.8CVSS8.4AI score0.00639EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/12/12 12:0 a.m.•72 views

AList vulnerable to Improper Preservation of Permissions

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder even a password protected one...

8.8CVSS2.3AI score0.00973EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/07/29 12:0 a.m.•72 views

fs2-io skips mTLS client verification

Impact When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely...

9.8CVSS1AI score0.00641EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/02/07 12:0 a.m.•72 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file...

7.7CVSS4.1AI score0.02693EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2024/01/11 12:0 a.m.•71 views

Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)

The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a...

8.8CVSS7.1AI score0.01537EPSS
Exploits1References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2023/06/13 12:0 a.m.•71 views

Incorrect Permission Assignment for Critical Resource

Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile function at /core/io/FileUtil.java...

7.1CVSS6.6AI score0.00244EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/11/01 12:0 a.m.•71 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-2126...

8.8CVSS3.5AI score0.00506EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2022/09/07 12:0 a.m.•71 views

x/crypto/ssh vulnerable to panic via SSH server

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

7.5CVSS3.9AI score0.00984EPSS
Exploits0References7Affected Software1
Total number of security vulnerabilities1518