Lucene search
K
GitlabRecent

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2024/05/14 12:0 a.m.20 views

Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of th...

7.5CVSS6.2AI score0.011EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2024/05/09 12:0 a.m.74 views

1Panel arbitrary file write vulnerability

There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing...

7.5CVSS7AI score0.01329EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/05/07 12:0 a.m.106 views

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

5.4CVSS7.8AI score0.00784EPSS
Exploits0References16Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/22 12:0 a.m.41 views

Arbitrary Code Execution in Gitea

The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution...

7.2CVSS7.3AI score0.95432EPSS
Exploits12References14Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/18 12:0 a.m.50 views

1Panel's password verification is suspected to have a timing attack vulnerability

源码中密码校验处使用 != 符号,而不是hmac.Equal,这可能导致产生计时攻击漏洞,从而爆破密码。 建议使用 hmac.Equal 比对密码。 Translation: The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac. Equal to...

5.9CVSS5.4AI score0.0038EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/18 12:0 a.m.34 views

@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability

An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method...

8.1AI score0.01158EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/09 12:0 a.m.85 views

DIRAC: Unauthorized users can read proxy contents during generation

During the proxy generation process e.g., when using dirac-proxy-init it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short...

8.1CVSS7.1AI score0.00317EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/09 12:0 a.m.54 views

Azure Identity Library for .NET Information Disclosure Vulnerability

Azure Identity Library for .NET Information Disclosure Vulnerability...

5.5CVSS7AI score0.00711EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/03 12:0 a.m.38 views

AMPHP Denial of Service via HTTP/2 CONTINUATION Frames

amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they're used with an unpatched version of...

8.2CVSS7AI score0.83244EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/03 12:0 a.m.23 views

amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames

Early versions of amphp/http-client with HTTP/2 support v4.0.0-rc10 to 4.0.0 will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. Later versions of amphp/http-client v4.1.0-rc1...

7.3AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/03 12:0 a.m.33 views

AMPHP Denial of Service via HTTP/2 CONTINUATION Frames

amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they're used with an unpatched version of...

8.2CVSS7.3AI score0.83244EPSS
Exploits1References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/04/01 12:0 a.m.47 views

CasaOS Username Enumeration - Bypass of CVE-2024-24766

The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS v0.4.7...

7.5CVSS7.1AI score0.00758EPSS
Exploits2References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/29 12:0 a.m.13 views

Un-sanitized metric name or labels can be used to take over exported metrics

In code which applies un-sanitized string values into metric names or labels, like this: swift let lang = try? request.query-getString.self, at: "lang" Counter label: "language", dimensions: "lang", lang ?? "unknown" an attacker could make use of this and send a ?lang query parameter containing...

7.4CVSS6.6AI score0.00645EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/28 12:0 a.m.4 views

Serverpod improved security for stored password hashes

Serverpod now uses the OWASP recommended Argon2Id password hash algorithm to store password hashes for the email authentication module...

5.3CVSS5.9AI score0.00262EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/28 12:0 a.m.4 views

Serverpod client accepts any certificate

This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpodclient package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic an...

7.4CVSS5.9AI score0.00284EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/22 12:0 a.m.33 views

Cross-Site Request Forgery in Anchor CMS

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/categories/delete/2...

2.4CVSS3.8AI score0.00255EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/22 12:0 a.m.57 views

Cross-Site Request Forgery in Anchor CMS

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via /anchor/admin/users/delete/2...

7.4CVSS7.5AI score0.00251EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/10 12:0 a.m.40 views

1Panel is vulnerable to command injection

1Panel is vulnerable to command injection. This vulnerability has been classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the...

9.8CVSS7.7AI score0.03044EPSS
Exploits1References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/06 12:0 a.m.91 views

1Panel open source panel project has an unauthorized vulnerability.

The steps are as follows: 1. Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point. 2. Use Burp to intercept: When opening the browser and entering the URL allowing the first intercepted packet through Burp, the following is displayed: It is found that...

6.3CVSS4.9AI score0.00471EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/06 12:0 a.m.59 views

CasaOS Username Enumeration

Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect application gives the error "User does not exist", If the...

7.5CVSS6.9AI score0.00758EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/06 12:0 a.m.99 views

CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability

Here it is observed that the CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server...

9.8CVSS9.5AI score0.00977EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/03/06 12:0 a.m.134 views

CasaOS-UserService allows unauthorized access to any file

Summary http://demo.casaos.io/v1/users/image?path=/var/lib/casaos/1/avatar.png Originally it was to get the url of the user's avatar, but the path filtering was not strict, making it possible to get any file on the system. Details Construct paths to get any file. Such as the CasaOS user database,...

9.8CVSS6.8AI score0.00971EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/29 12:0 a.m.20 views

yyjson has a Double Free vulnerability

The pool series allocator poolmalloc/poolfree/poolrealloc by yysjon has a Double Free vulnerability, which may lead to arbitrary address writing and Denial of Service DoS attacks. Arbitrary address writing, combined with other legitimate or illegitimate operations of programs using this library,...

8.6CVSS8.1AI score0.01836EPSS
Exploits1References11Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/28 12:0 a.m.42 views

Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. Impacted...

6.1CVSS4.7AI score0.00567EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/28 12:0 a.m.40 views

Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID

Impact When Flask-AppBuilder is set to AUTHTYPE AUTHOID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...

9.1CVSS6.7AI score0.00857EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/27 12:0 a.m.32 views

Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/08 12:0 a.m.64 views

DIRAC's TokenManager does not check permissions on cached tokens

Any user could get a token that has been requested by another user/agent...

9.1CVSS8.3AI score0.00534EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/05 12:0 a.m.39 views

1Panel set-cookie is missing the Secure keyword

The https cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text when accessing http accidentally. https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookiesecure...

7.5CVSS7.3AI score0.00304EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/05 12:0 a.m.26 views

1Panel set-cookie is missing the Secure keyword

The https cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text when accessing http accidentally. https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookiesecure...

7.5CVSS6.5AI score0.00304EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/03 12:0 a.m.22 views

Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

7.2AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/03 12:0 a.m.9 views

Etcd pkg Insecure ciphers are allowed by default

Vulnerability type Cryptography Detail The TLS ciphers list supported by etcd contains insecure cipher suites. Users can configure the desired ciphers using the “--cipher-suites” flag, and a default list of secure cipher suites is used if empty. Workarounds By default, no action is required. If...

7AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/03 12:0 a.m.30 views

Etcd embed auto compaction retention negative value causing a compaction loop or a crash

Impact Data Validation Detail The parseCompactionRetention function in embed/etcd.go allows the retention variable value to be negative and causes the node to execute the history compaction in a loop, taking more CPU than usual and spamming logs. References Find out more on this vulnerability in...

7.3AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/03 12:0 a.m.8 views

Etcd embed auto compaction retention negative value causing a compaction loop or a crash

Data Validation...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/03 12:0 a.m.8 views

Etcd Gateway TLS endpoint validation only confirms TCP reachability

Vulnerability type Cryptography Workarounds Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv fla...

7.2AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/03 12:0 a.m.9 views

Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only

Vulnerability type Logging Detail etcd users who have no password can authenticate only through a client certificate. When such users try to authenticate into etcd using the Authenticate endpoint, errors are logged with insufficient information regarding why the authentication failed, and may be...

7.2AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/03 12:0 a.m.15 views

Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only

Vulnerability type Logging Detail etcd users who have no password can authenticate only through a client certificate. When such users try to authenticate into etcd using the Authenticate endpoint, errors are logged with insufficient information regarding why the authentication failed, and may be...

7.2AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/03 12:0 a.m.26 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/31 12:0 a.m.28 views

Missing Release of Resource after Effective Lifetime

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requestin...

7.7CVSS7.2AI score0.01206EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/31 12:0 a.m.34 views

Missing Authentication for Critical Function

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

6.5CVSS7.1AI score0.01636EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/30 12:0 a.m.55 views

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...

8.2CVSS6.4AI score0.00385EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/29 12:0 a.m.53 views

Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature

The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system...

9.8CVSS7.3AI score0.00699EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/29 12:0 a.m.77 views

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF

Fix bypass to the following bugs - https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m - https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35 Allowing to inject directly in the app.ini via CRLF to change the value of testconfigcmd and startcmd...

8.8CVSS7.1AI score0.01054EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/26 12:0 a.m.40 views

Out-of-bounds Write

In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or...

7.8CVSS7.5AI score0.00415EPSS
Exploits1References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/22 12:0 a.m.27 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted...

7.5CVSS7.1AI score0.00468EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/11 12:0 a.m.48 views

Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)

The OrderAndPaginate function is used to order and paginate data. It is defined as follows: go func OrderAndPaginatec gin.Context funcdb gorm.DB gorm.DB return funcdb gorm.DB gorm.DB sort := c.DefaultQuery"order", "desc" order := fmt.Sprintf"%s %s", DefaultQueryc, "sortby", "id", sort db =...

7CVSS6.7AI score0.00584EPSS
Exploits1References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/11 12:0 a.m.95 views

Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings...

8.8CVSS7.4AI score0.04088EPSS
Exploits2References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/11 12:0 a.m.71 views

Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)

The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a...

8.8CVSS7.1AI score0.01537EPSS
Exploits1References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/01/03 12:0 a.m.21 views

Vapor contains an integer overflow in URI leading to potential host spoofing

Vapor's vaporurlparserparse function uses uint16t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI ty...

6.5CVSS6.9AI score0.00601EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/12/28 12:0 a.m.63 views

Potential CSV export data leak

Impact In ActiveAdmin versions prior to 2.12.0, a concurrency issue was found that could allow a malicious actor to be able to access potentially private data that belongs to another user. The bug affects the functionality to export data as CSV files, and was caused by a variable holding the...

6.5CVSS6.9AI score0.00496EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/12/27 12:0 a.m.40 views

hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service DoS via manipulation of the first two parameters...

7.5CVSS7.1AI score0.00654EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities1518