Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in github.com/argoproj/argo-cd/v2...

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params

All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows...

Cross-Site Request Forgery (CSRF)

An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

NULL Pointer Dereference

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...

Improper Link Resolution Before File Access ('Link Following')

An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally...

Improper Access Control

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write access to leak sensitive files from Argo CD's...

Improper Authentication in Kubernetes

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally...

Incorrect Authorization

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook.Validating Admission Webhook does not observe some previous fields...

Prototype pollution in 101

Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause a denial of service and may lead to remote code execution...

Out-of-bounds Read

A heap-based buffer over-read was discovered in cpp-peglib's peg::resolveescapesequence in peglib.h...

Nil Pointer Dereference

A nil pointer dereference in the golang.org/x/crypto/ssh component enables remote attackers to cause a DoS against SSH servers...

Use After Free

Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

Uncontrolled Resource Consumption

The Kubernetes kubelet component do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of dat...

Out-of-bounds Read

In Apache Thrift, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...

Incorrect Permission Assignment for Critical Resource

In Kubernetes, schema info is cached by kubectl in the location specified by --cache-dir defaulting to $HOME/.kube/http-cache, written with world-writeable permissions rw-rw-rw-. If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files ma...

Sandbox Escape

In Pallets Jinja, str.formatmap allows a sandbox escape...

Cross-site scripting in django

Cross-site scripting XSS vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload...

Insufficiently Protected Credentials

The Jenkins AWS CodePipeline Plugin contains an Insufficiently Protected Credentials vulnerability...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in the striptags helper in actionpack/lib/actioncontroller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an inval...

Serialization vulnerability

A serialization vulnerability was found in the SocketServer and ServerSocketReceiver components...

Textile Link Parsing XSS

RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting XSS attack. This flaw exists because the program does not validate input when parsing textile links before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute...

DOS via large passwords

The authentication framework django.contrib.auth computes the hash of a password each time a user attempts to log in, no matter the length of the password. Thus, a remote attacker can cause a denial of service CPU consumption by repeatedly submitting long passwords...

Symbol DoS vulnerability in Active Record

When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce params:name to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use on...

Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...

Allocation of Resources Without Limits or Throttling

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

Untrusted Search Path

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...

Active Support Possibly Discloses Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...

Excessive Iteration

A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size width height appearing to be zero...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site Scripting XSS - Stored in GitHub repository admidio/admidio prior to 4.2.8...

Buffer Underwrite ('Buffer Underflow')

c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...

Improper Authentication

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function...

Inefficient Regular Expression Complexity

A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...

Relative Path Traversal

Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.core...

MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`

MITM can enable Zip-Slip...

Helm vulnerable to denial of service through through repository index file

Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the repo package that can cause a segmentation violation. Applications that use functions from the repo package in the Helm SDK can have a Denial of Service attack when they use this package and it panics...

Duplicate

This advisory duplicates another...

Missing Release of Memory after Effective Lifetime

DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack...

OS Command Injection in gogs

Impact The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled default are affected. Patches Repository file uploads are prohibited to its .git directory. Users shou...

Use of Insufficiently Random Values

An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the...

Allocation of Resources Without Limits or Throttling

Some HTTP/2 implementations is vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the RSTSTRE...

Insertion of Sensitive Information into Log File

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...

Improper Input Validation

The setmgmtparameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safeload function, as demonstrated using Puppet...

Incorrect Permission Assignment for Critical Resource

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in Privilege escalation, data manipulation or...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ACS Commons version 5.1.x and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. User input submitted via these parameters is not validated or sanitised. An attacker must provide a link to...

Cross site scripting in actionpack Rubygem

A cross-site scripting vulnerability flaw was found in the autolink function in Rails before version 3.0.6...

Server-Side Request Forgery (SSRF)

C1 CMS is an open-source, .NET based Content Management System CMS. Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery SSRF by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also...

Deserialization of Untrusted Data

Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following t...