1518 matches found
Arbitrary file deletion in gitea
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service DoS via deleting the configuration file...
Django Regex Algorithmic Complexity Causes Denial of Service
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service CPU consumption via a crafted 1 EmailField email address or 2 URLField URL that triggers a large amount of backtracking in a regular...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in github.com/argoproj/argo-cd/v2...
Open Redirect in Flask-Security-Too
Flask-Security allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc network location as the requesting URL. This check utilizes Pythons...
Improper Input Validation
In the @actions/core npm module, addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modified...
Improper Access Control
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Go SSH library vulnerable to Man-in-the-Middle attacks
The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism...
Session Fixation
KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4...
Duplicate of ./go/github.com/KubeOperator/KubePi/CVE-2023-22478.yml
API interfaces with unauthorized access will leak sensitive information via /kubepi/api/v1/systems/operation/logs/search and /kubepi/api/v1/systems/login/logs/search...
hutool-json stack overflow vulnerability
A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...
Improper Input Validation
docker2aci = 0.12.3 has an infinite loop when handling local images with cyclic dependency chain...
Admidio has Blind SQL Injection in ecard_send.php
Description: An SQL Injection has been identified in the /admprogram/modules/ecards/ecardsend.php source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of ecardrecipients POST parameter is being directly concatenated with the SQ...
ActiveAdmin vulnerable to CSV injection
csvbuilder.rb in ActiveAdmin aka Active Admin before 3.2.0 allows CSV injection...
Insecure Default Initialization of Resource
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...
Use after free in Animation
The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. There is currently little other public information on the issue...
Arbitrary Command Injection
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection...
Information Exposure
An issue was discovered in the acf-to-rest-api plugin for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and password values...
Observable Discrepancy
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...
Allocation of Resources Without Limits or Throttling
A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer...
Denial of service in django
The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...
QOS.CH logback-core Expression Language Injection vulnerability
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...
Deserialization of Untrusted Data
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them...
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
NIOHTTP1 and projects using it for generating HTTP responses, including SwiftNIO, can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious...
Exposure of Sensitive Information to an Unauthorized Actor
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 is vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5....
CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing
A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...
CasaOS Command Injection vulnerability
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...
otelgrpc DoS vulnerability due to unbound cardinality metrics
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustio...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Alist v3.5.1 is vulnerable to Cross Site Scripting XSS via the bulletin board...
Django Admin Media Handler Vulnerable to Directory Traversal
The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL...
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
Local File inclusion
A local file inclusion is possible by specifying full path to any desired file in the Kickstart value in Cobbler's WebUI...
DIRAC's TokenManager does not check permissions on cached tokens
Any user could get a token that has been requested by another user/agent...
Use of Hard-coded Credentials
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...
Path Traversal in Git HTTP endpoints in Gogs
Impact The malicious user is able to craft HTTP requests to access unauthorized Git directories. All installations with are affected. Patches Path cleaning has accommodated for Git HTTP endpoints. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds N/A References...
Django Might Allow CSRF Requests via URL Verification
The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...
Remote Code Execution via unsafe classes in otherwise permitted modules
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
Out-of-bounds Write
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The File Session Manager in Beego allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Unsafe Query Generation Risk in Ruby on Rails
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does not let an attacker insert arbitrary values into an SQL query,...
Potential CSV export data leak
Impact In ActiveAdmin versions prior to 2.12.0, a concurrency issue was found that could allow a malicious actor to be able to access potentially private data that belongs to another user. The bug affects the functionality to export data as CSV files, and was caused by a variable holding the...
Authentication Bypass by Spoofing
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...
Improper Restriction of Operations within the Bounds of a Memory Buffer
The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in nodeStack.pop in node.go, called from parser.clearActiveFormattingElements, during an html.Parse call...
Use after free in Animation
The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. There is currently little other public information on the issue...
XSS Vulnerability in number_to_currency
The numbertocurrency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack...
Exposure of Sensitive Information to an Unauthorized Actor
KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user including admin. A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users...
Cloud Foundry Archiver vulnerable to path traversal
Due to improper path santization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field...
Insecure Default Initialization of Resource
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be ke...