1518 matches found
Pinniped Supervisor Insufficient Session Expiration vulnerability
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...
Incorrect Authorization
All unpatched versions of Argo CD starting with v1.0.0 is vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The leafInfo.match function in Beego v2.0.3 and below uses path.join to deal with wildcardvalues which can lead to cross directory risk...
Use of Insufficiently Random Values
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The hyperlinks functionality in atlaskit/editor-core in allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in link targets...
Improper Input Validation
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address...
Incorrect Permission Assignment for Critical Resource
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Uncontrolled Resource Consumption
JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service e.g., disable access to the database after the attack stops via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are...
Use of Multiple Resources with Duplicate Identifier
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this attack, an attacker...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...
Improper Input Validation
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash...
Path Traversal
There is a vulnerability in actionpackpage-caching that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument...
Unsafe Query Generation Risk
There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...
Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application...
@akbr/update Prototype Pollution
akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js...
Untrusted Search Path
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...
Duplicate of ./gem/activesupport/CVE-2023-22796.yml
There is a possible regular expression based DoS vulnerability in Active Support. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...
Session Fixation
KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting XSS - Stored in GitHub repository go-gitea/gitea prior to 1.16.9...
Insertion of Sensitive Information into Log File
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...
Improper Certificate Validation
Connections initialized by the AWS IoT Device SDK v2 for Java, Python , C++ and Node.js does not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in their trust stores on Windows. This issue has been addressed in aws-c-io submodule onward. This...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0...
XML Parsing Vulnerability affecting JRuby users
There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. you should upgrade or use one of the work arounds immediately...
URL Redirection to Untrusted Site ('Open Redirect')
Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Due to improper path santization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
Improper Input Validation
A segmentation fault SEGV flaw was found in the Fribidi package and affects the fribidiremovebidimarks function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service...
Duplicate
This advisory duplicates another...
Uncontrolled Recursion
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...
Improper Authentication
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 is vulnerable to an improper authentication issue when role-based access control RBAC is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name CN which matches a valid RBAC username, a remote...
Improper Link Resolution Before File Access ('Link Following')
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...
Access control bypass
An issue was discovered in the route lookup process in beego through 2.0.1, allows attackers to bypass access control...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...
Server-Side Request Forgery (SSRF)
In Apache Traffic Control Traffic Ops, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach...
Cobbler before 3.3.0 allows log poisoning
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review th...
Incorrect Authorization
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
Improper Certificate Validation
An issue was discovered in Hybrid Group Gobot. The mqtt subsystem skips verification of root CA certificates by default...
Generation of Error Message Containing Sensitive Information
Auth0 Auth0-WCF-Service-JWT leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
Eve allows execution of arbitrary code
io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...
Improper Input Validation
The tos method in actionpack/lib/actiondispatch/middleware/remoteip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address...
actionpack Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML...
Circumvention of attr_protected
The attrprotected method allows developers to exclude model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected...
Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application...
SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary IS NULL clauses in to application SQL queries. This may also allow an attacker to have the SQL query chec...
HAPI FHIR XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...
1Panel has an SQL injection issue related to the orderBy clause
There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The proof is as follows...