1489 matches found
Cross-site Scripting
A cross-site scripting (XSS) vulnerability exists in the Beego admin panel via the URI path of an HTTP request; it is triggered when an administrator views the Request Statistics page...
Improper Control of Generation of Code ('Code Injection')
@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. Arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to upda...
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Server is run with `--auth-mode=client`
Impact: This is a proactive fix; no known exploits exist. Impacted if: you're running Kubernetes >= v1.19; you're running Argo Server; it is configured with --auth-mode=client and not with --auth-mode=server; and you are not running Argo Server in a Kubernetes pod, e.g. on bare metal or another VM...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in github.com/argoproj/argo-workflows...
Uncontrolled Resource Consumption
JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database even after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are...
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In addition to these signatures, the ESDK uses AES-GCM encryption and all plaintext is verified before being released to a caller. There is no impact on the...
Uncontrolled Resource Consumption
JPA Server in HAPI FHIR allows a user to deny service (e.g., disable access to the database even after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many...
Integer Overflow or Wraparound
An integer overflow issue exists in Godot Engine that can be triggered when loading specially crafted TGA image files...
Improper Input Validation
In the @actions/core npm module, addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modified...
False positive
This advisory has been marked as a False Positive and has been removed...
Inadequate Encryption Strength
The strrotpass function in PHP-Proxy uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file inclusion...
Improper Authentication
In PHP Proxy, any user can read files from the server without authentication...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
Path Traversal
11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL...
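Both the Hutool ZipUtil entry and the 11xiaoli entry above come down to the same missing check: a caller-supplied relative path (a zip entry name in one case, a URL path in the other) is joined onto a base directory without confirming that the result still lies inside it. The following Go program is an added example written for this page, not code from either project; the SafeJoin, SafeUnzip, BuildArchive and Entry names are my own, and the archive it extracts is constructed in memory. The same SafeJoin check serves the URL case and the zip-entry case, and SafeUnzip stops at the first entry that would escape the destination.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a caller-supplied path would resolve
// outside the directory it must stay inside.
var ErrOutsideRoot = errors.New("path escapes the destination directory")

// SafeJoin joins an untrusted relative path (a URL path component or a zip
// entry name) onto root and returns the joined path, or ErrOutsideRoot if
// "..", an absolute path or a leading slash would take it outside root.
func SafeJoin(root, untrusted string) (string, error) {
	if filepath.IsAbs(untrusted) || strings.HasPrefix(untrusted, "/") {
		return "", ErrOutsideRoot
	}
	cleanRoot := filepath.Clean(root)
	// Join cleans the result, so "a/../../b" collapses before we compare.
	candidate := filepath.Join(cleanRoot, filepath.FromSlash(untrusted))
	rel, err := filepath.Rel(cleanRoot, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return candidate, nil
}

// Entry is one constructed zip member used by BuildArchive.
type Entry struct{ Name, Content string }

// BuildArchive writes the entries, in order, into an in-memory zip. It exists
// only to fabricate test input for this example.
func BuildArchive(entries []Entry) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, e := range entries {
		fw, err := w.Create(e.Name)
		if err != nil {
			panic(err)
		}
		if _, err := fw.Write([]byte(e.Content)); err != nil {
			panic(err)
		}
	}
	if err := w.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// SafeUnzip extracts archive into dest and returns the entry names it wrote.
// Every entry name passes through SafeJoin before any file is created, which
// is the check a zip-slip vulnerable extractor lacks.
func SafeUnzip(archive []byte, dest string) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, err
	}
	var written []string
	for _, f := range r.File {
		target, err := SafeJoin(dest, f.Name)
		if err != nil {
			return written, fmt.Errorf("entry %q: %w", f.Name, err)
		}
		if f.FileInfo().IsDir() {
			if err := os.MkdirAll(target, 0o755); err != nil {
				return written, err
			}
			continue
		}
		if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return written, err
		}
		rc, err := f.Open()
		if err != nil {
			return written, err
		}
		out, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
		if err != nil {
			rc.Close()
			return written, err
		}
		_, err = io.Copy(out, rc)
		rc.Close()
		out.Close()
		if err != nil {
			return written, err
		}
		written = append(written, f.Name)
	}
	return written, nil
}

func main() {
	dest, err := os.MkdirTemp("", "unzip-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dest)
	archive := BuildArchive([]Entry{
		{"docs/readme.txt", "harmless"},
		{"../evil.txt", "would land next to dest"}, // constructed zip-slip entry
	})
	written, err := SafeUnzip(archive, dest)
	fmt.Println("written:", written, "error:", err)
}
```

Note that the check is done on the cleaned joined path with filepath.Rel rather than by scanning the raw name for "../": a raw-string scan misses encodings and mixed separators, while the Rel check only cares about where the path actually resolves.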
Nginx-UI Settings API Exposes Protected Secrets
The GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true"; however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is completely...
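The failure mode in the entry above is a struct tag that is honoured on one code path and ignored on the other. The Go program below is an added example for this page, not nginx-ui's code: the settings structs, field names and the MarshalRedacted and RedactProtected helpers are my own assumptions, and only the idea of a protected:"true" tag comes from the advisory. It walks a struct reflectively, drops every protected field at any depth, and marshals the remainder, so the tag is enforced on the read path as well as on writes.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
)

// Hypothetical stand-ins for an application's settings types.
type AuthSettings struct {
	JWTSecret string `json:"jwt_secret" protected:"true"`
	TokenTTL  int    `json:"token_ttl"`
}

type NodeSettings struct {
	Name   string   `json:"name"`
	APIKey string   `json:"api_key" protected:"true"`
	Peers  []string `json:"peers"`
}

type Settings struct {
	Auth AuthSettings `json:"auth"`
	Node NodeSettings `json:"node"`
}

// jsonName returns the key encoding/json would use for f, or "" if json:"-".
func jsonName(f reflect.StructField) string {
	tag := f.Tag.Get("json")
	if tag == "-" {
		return ""
	}
	if name, _, _ := strings.Cut(tag, ","); name != "" {
		return name
	}
	return f.Name
}

// RedactProtected converts v into nested maps and slices, dropping every
// struct field tagged protected:"true" at any depth. Scalars pass through.
func RedactProtected(v interface{}) interface{} {
	return redact(reflect.ValueOf(v))
}

func redact(val reflect.Value) interface{} {
	for val.Kind() == reflect.Ptr || val.Kind() == reflect.Interface {
		if val.IsNil() {
			return nil
		}
		val = val.Elem()
	}
	switch val.Kind() {
	case reflect.Struct:
		out := make(map[string]interface{}, val.NumField())
		t := val.Type()
		for i := 0; i < t.NumField(); i++ {
			f := t.Field(i)
			if !f.IsExported() || f.Tag.Get("protected") == "true" {
				continue // enforce the tag on reads, not only on writes
			}
			if name := jsonName(f); name != "" {
				out[name] = redact(val.Field(i))
			}
		}
		return out
	case reflect.Slice, reflect.Array:
		items := make([]interface{}, val.Len())
		for i := range items {
			items[i] = redact(val.Index(i))
		}
		return items
	default:
		return val.Interface()
	}
}

// MarshalRedacted is what a read-only settings handler should return instead
// of json.Marshal on the raw struct.
func MarshalRedacted(v interface{}) ([]byte, error) {
	return json.Marshal(RedactProtected(v))
}

func main() {
	s := Settings{
		Auth: AuthSettings{JWTSecret: "hunter2", TokenTTL: 3600}, // constructed values
		Node: NodeSettings{Name: "edge-1", APIKey: "k-123", Peers: []string{"edge-2"}},
	}
	raw, _ := json.Marshal(s) // the vulnerable read path: every field, secrets included
	redacted, _ := MarshalRedacted(s)
	fmt.Printf("raw:      %s\nredacted: %s\n", raw, redacted)
}
```

A regression test that asserts the handler output never contains a protected key is the cheap way to keep the read path honest as new fields are added.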
HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code by supplying a crafted request containing malicious XML entities...
Autolab Misconfigured Reset Password Permissions
For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords...
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
XSLT transforms performed by various components are vulnerable to XML external entity injection. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used within a host where external...
Remote code execution in web server context
A user with administrative privileges can upload files that look like images but contain PHP code, which can then be executed in the context of the web server...
Duplicate
This advisory duplicates another...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Admidio v4.2.12 and below is vulnerable to cross-site scripting (XSS)...
hutool Buffer Overflow vulnerability
hutool v5.8.21 was discovered to contain a buffer overflow via the jsonArray component...
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SS...
Gitea erroneous repo clones
In Gitea through 1.17.1, repo cloning can occur in the migration function...
Improper Input Validation
Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For exampl...
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial of service...
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
NIOHTTP1 and projects using it for generating HTTP responses, including SwiftNIO, can be subject to an HTTP response injection attack. This occurs when an HTTP/1.1 server accepts user-generated input from an incoming request and reflects it into an HTTP/1.1 response header in some form. A malicious...
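The mechanism behind the SwiftNIO entry above is general to any HTTP/1.1 serialiser: if a reflected value containing CR LF reaches the wire unchanged, the client sees extra header lines, and with a second CR LF CR LF it sees a second complete response. The Go program below is an added example for this page, not SwiftNIO's code; the writeResponseRaw, WriteResponse, ValidHeaderName, ValidHeaderValue and CountResponses names are mine, and Injected is a constructed attacker payload for a redirect handler that copies a "return to" parameter into Location. It shows the unsafe serialiser splitting one response into two beside the hardened one that refuses the value.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strings"
)

// ErrBadHeader is returned when a header cannot be serialised safely.
var ErrBadHeader = errors.New("header contains CR, LF, NUL or an invalid name")

// Header is one response header as the application wants to emit it.
type Header struct{ Name, Value string }

// writeResponseRaw serialises a minimal HTTP/1.1 response with no validation.
// This is the vulnerable behaviour: a value containing "\r\n" ends its header
// line early, and whatever follows is parsed as more headers, a body, or
// even a second response.
func writeResponseRaw(status string, headers []Header, body string) []byte {
	var b bytes.Buffer
	fmt.Fprintf(&b, "HTTP/1.1 %s\r\n", status)
	for _, h := range headers {
		fmt.Fprintf(&b, "%s: %s\r\n", h.Name, h.Value)
	}
	fmt.Fprintf(&b, "Content-Length: %d\r\n\r\n%s", len(body), body)
	return b.Bytes()
}

// ValidHeaderValue rejects the bytes that terminate a header line or confuse
// a parser: CR, LF and NUL. A stricter policy would also drop other control
// characters; this is the minimum that blocks response splitting.
func ValidHeaderValue(v string) bool {
	return !strings.ContainsAny(v, "\r\n\x00")
}

// ValidHeaderName accepts RFC 9110 token characters only.
func ValidHeaderName(n string) bool {
	if n == "" {
		return false
	}
	for i := 0; i < len(n); i++ {
		c := n[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		case strings.IndexByte("!#$%&'*+-.^_`|~", c) >= 0:
		default:
			return false
		}
	}
	return true
}

// WriteResponse is the hardened serialiser: every header is validated before
// anything is written, so reflected input can only ever be one header value.
func WriteResponse(status string, headers []Header, body string) ([]byte, error) {
	for _, h := range headers {
		if !ValidHeaderName(h.Name) || !ValidHeaderValue(h.Value) {
			return nil, fmt.Errorf("header %q: %w", h.Name, ErrBadHeader)
		}
	}
	return writeResponseRaw(status, headers, body), nil
}

// CountResponses reports how many status lines a client parsing the stream
// would encounter, i.e. how many responses it would read from these bytes.
func CountResponses(wire []byte) int {
	n := 0
	for _, line := range bytes.Split(wire, []byte("\r\n")) {
		if bytes.HasPrefix(line, []byte("HTTP/1.1 ")) {
			n++
		}
	}
	return n
}

// Injected is a constructed "return to" value: it closes the Location header,
// adds a cookie, ends the header block and appends a whole second response.
const Injected = "/home\r\nSet-Cookie: session=attacker\r\n\r\n" +
	"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 25\r\n\r\n" +
	"<script>alert(1)</script>"

func main() {
	loc := []Header{{"Location", Injected}}
	raw := writeResponseRaw("302 Found", loc, "")
	fmt.Printf("unsafe writer produced %d responses on the wire\n", CountResponses(raw))
	if _, err := WriteResponse("302 Found", loc, ""); err != nil {
		fmt.Println("hardened writer refused:", err)
	}
}
```

Refusing the header (rather than silently stripping CR and LF) is the safer default for a library: a stripped value may still be semantically wrong, and an error surfaces the bug in the calling application where it can be fixed.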
zstd vulnerable to buffer overrun
A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer overrun...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in Akka...
Batched HTTP requests may set incorrect `cache-control` response header
Impact In Apollo Server 3 and 4, the cache-control HTTP response header may not reflect the cache policy that should apply to an HTTP request when that HTTP request contains multiple operations using HTTP batching. This could lead to data being inappropriately cached and shared. Apollo Server...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument tablename leads to sql injection. The attack may be launched remotely. The exploit has been...
etcd vulnerable to TOCTOU of gateway endpoint authentication
The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail The gateway only authenticates endpoints detected from DNS SRV records, and it only authenticates the detected endpoints once...
Cross-site Scripting
nextjs-auth0 lacks HTML escaping for error messages...
Missing Authentication for Critical Function
The vulnerability allows an attacker to substitute or modify packages retrieved from BC thus allowing to inject malicious code into ballerina executables...
Cross-Site Request Forgery
Cross-Site Request Forgery in Flask-Security-Too...
Out-of-bounds Write
CImg suffers from integer overflows leading to heap buffer overflows in loadpnm that can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity...
Improper Input Validation
apollo-adminservice does not implement access controls. If users expose apollo-adminservice to the internet (which is not recommended), there are potential security issues, since apollo-adminservice is designed to work on an intranet and has no access control built in. Malicious hackers may access...
Improper Authentication
Auth0 auth0.net has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens...
Incorrect Default Permissions
The File Session Manager in Beego allows local users to read session files because of weak permissions for individual files...
Improper Access Control
Istio has Incorrect Access Control...
Improper Certificate Validation
An issue was discovered in Hybrid Group Gobot. The mqtt subsystem skips verification of root CA certificates by default...
Deserialization of Untrusted Data
The Serialize.deserialize method in CoAPthon3 mishandles certain exceptions, leading to a denial of service...
Command Injection
active-support could allow a remote attacker to execute arbitrary code on the system because the package contains a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...
Improper Neutralization of HTTP Headers for Scripting Syntax
HTTP header injection vulnerability in the http package...
Code Injection
pygmentize contains a Remote Code Execution vulnerability...
Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length
The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...
nginx-ui Backup Restore Allows Tampering with Encrypted Backups
The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration...
Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)
The Trix editor, in versions prior to 2.1.18, is vulnerable to XSS when a crafted application/x-trix-document JSON payload is dropped into the editor in environments using the fallback Level0InputController (e.g., embedded WebViews lacking Input Events Level 2 support). The StringPiece.fromJSON...
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
AutoMapper is vulnerable to a denial-of-service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memor...
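The fix pattern for the AutoMapper entry above is to carry a depth budget through the recursion and fail closed before descending past it. The Go program below is an added example for this page, not AutoMapper's code (AutoMapper is a .NET library); the Source and Dest types and the MapUnbounded, MapBounded, Chain and Depth helpers are my own. It puts the unbounded mapper beside the bounded one, and the bounded one also terminates on a cyclic graph, which would otherwise recurse forever.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrMaxDepth is returned when an object graph is nested deeper than allowed.
var ErrMaxDepth = errors.New("object graph exceeds maximum mapping depth")

// Source and Dest are hypothetical domain and DTO types; the recursive Child
// link is what makes the mapping depth input-controlled.
type Source struct {
	Name  string
	Child *Source
}

type Dest struct {
	Name  string
	Child *Dest
}

// MapUnbounded is the pattern the advisory describes: one recursive call per
// level with no budget, so the input alone decides how deep the stack goes.
func MapUnbounded(s *Source) *Dest {
	if s == nil {
		return nil
	}
	return &Dest{Name: s.Name, Child: MapUnbounded(s.Child)}
}

// MapBounded maps at most maxDepth levels and returns ErrMaxDepth instead of
// descending further. A cyclic graph is rejected the same way.
func MapBounded(s *Source, maxDepth int) (*Dest, error) {
	return mapDepth(s, maxDepth)
}

func mapDepth(s *Source, remaining int) (*Dest, error) {
	if s == nil {
		return nil, nil
	}
	if remaining <= 0 {
		return nil, ErrMaxDepth // check the budget before recursing, not after
	}
	child, err := mapDepth(s.Child, remaining-1)
	if err != nil {
		return nil, err
	}
	return &Dest{Name: s.Name, Child: child}, nil
}

// Chain builds a constructed Source graph n levels deep (level-1 is the head).
func Chain(n int) *Source {
	var head *Source
	for i := n; i >= 1; i-- {
		head = &Source{Name: fmt.Sprintf("level-%d", i), Child: head}
	}
	return head
}

// Depth counts the levels in a mapped Dest graph.
func Depth(d *Dest) int {
	n := 0
	for ; d != nil; d = d.Child {
		n++
	}
	return n
}

func main() {
	const limit = 64
	d, err := MapBounded(Chain(limit), limit)
	fmt.Println("within limit:", Depth(d), err)
	_, err = MapBounded(Chain(limit+1), limit)
	fmt.Println("one past limit:", err)

	cyclic := &Source{Name: "loop"} // constructed self-referencing graph
	cyclic.Child = cyclic
	_, err = MapBounded(cyclic, limit)
	fmt.Println("cycle:", err)
}
```

The limit belongs in the mapper's defaults, not only in callers' hands: a library that leaves the budget unset by default is the configuration the advisory describes, and a safe default with an opt-out is what a caller handling untrusted graphs needs.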
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...