1488 matches found
Allocation of Resources Without Limits or Throttling
The Kubelet component has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port, and the authenticated HTTPS API typically served on port...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The cross-site scripting XSS prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a...
Improper Input Validation
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery CSRF protection for requests to applications that rely on this protection, as demonstrated using text/plain...
Caches may be allowed to store and serve private data
Django contains a flaw that is triggered as the program improperly removes Vary and Cache-Control headers from HTTP responses during a reply to a request from some older versions of Internet Explorer or the Chrome Frame client. This may allow a context-dependent attacker to gain access to...
MySQL typecasting
When using a MySQL database, Django don't perform explicit conversion of the fields: FilePathField GenericIPAddressField IPAddressField If a query is performed without first converting values to the appropriate type, this can produce unexpected results, similar to what would occur if the query...
Response Splitting Vulnerability in Ruby on Rails
A response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types...
gotortc Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI does not...
Out-of-bounds Read
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read...
Improper Control of Generation of Code ('Code Injection')
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Incorrect Authorization
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used t...
Session Fixation
KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4...
Mellium vulnerable to authentication failure or insufficient randomness used during authentication
An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...
Out-of-bounds Read
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
Missing Release of Resource after Effective Lifetime
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
Improper Validation of Array Index
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...
golang.org/x/net/http2 Denial of Service vulnerability
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
Improper Authentication
Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2...
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Impact All unpatched versions of Argo CD starting with v1.3.0 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be use...
Uncontrolled Recursion
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...
Access control bypass in beego
The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places e.g., p1.xml instead of p1...
Cross-Site Request Forgery (CSRF)
cobbler: Web interface lacks CSRF protection when using Django framework...
Improper Link Resolution Before File Access ('Link Following')
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally...
Improper Link Resolution Before File Access ('Link Following')
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...
Access control bypass
An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control...
Improper Access Control
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository acces...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file...
Files or Directories Accessible to External Parties
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem...
Uncontrolled Resource Consumption
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...
Open Redirect in Flask-Security-Too
Flask-Security allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc network location as the requesting URL. This check utilizes Pythons...
NULL Pointer Dereference
A NULL pointer dereference was discovered in cpp-peglib's peg::AstOptimizer::optimize located in peglib.h. It allows an attacker to cause a Denial of Service...
Incorrect Conversion between Numeric Types
An issue was discovered in GNOME GLib If gbytearraynewtake was called with a buffer of 4GB or more on a platform, the length would be truncated modulo 232, causing unintended length truncation...
Integer Overflow or Wraparound
DISPUTED GNOME GLib has an integer overflow, that might lead to an out-of-bounds write, in goptiongroupaddentries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls ...
Inclusion of Sensitive Information in Log Files
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials...
Cross-Site Request Forgery (CSRF)
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged 1 AJAX or 2 API requests that...
Settings leak in date template filter
If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format. e.g. SECRETKEY instead of j/m/Y...
Possible DoS Vulnerability
A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: "some string userinput" % somenumber...
XSS via posted select tag options
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated select tag options upon submission to actionpack/lib/actionview/helpers/formoptionshelper.rb. This may allow a user to create a specially crafted request that would execute...
Missing Authentication for Critical Function
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...
Improper Restriction of XML External Entity Reference
A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclos...
Server-Side Request Forgery (SSRF)
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 Impact ActiveSupport uses...
Insertion of Sensitive Information into Log File
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...
Uncontrolled Resource Consumption
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...
Improper Control of Generation of Code ('Code Injection')
Akeneo PIM is an open source Product Information Management PIM. Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...
Allocation of Resources Without Limits or Throttling
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
golang.org/x/net/http2 Denial of Service vulnerability
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in github.com/argoproj/argo-cd...