1518 matches found
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial of service...
Denial of service via HTTP/2 HEADERS frames padding
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...
LeafKit allows XSS with untrusted user input
This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an attacker managed to find a variable that was rendered with their unsanitised data, they could inject scripts into a generated Leaf page, whic...
Arbitrary file read using percent-encoded relative paths in FileMiddleware
Attackers can access data at arbitrary filesystem paths on the same host as an application using FileMiddleware...
Vapor's Metrics integration could cause a system drain
This is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app with the following attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create “unlimited” counters and timers, which will eventually drain the system. 2...
Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash
A bug in the Data.initbase32Encoded: function opens up the potential for exposing server memory and/or crashing the server Denial of Service for applications where untrusted data can end up in said function. Vapor does not currently use this function itself so this only impact applications that u...
Uncontrolled Resource Consumption in LengthPrefixedMessageReader
Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of service...
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
NIOHTTP1 and projects using it for generating HTTP responses, including SwiftNIO, can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in some form. A malicious...
Swift-corelibs-foundation denial of service in JSON decoding with JSONDecoder
A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the Swift standard...
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression
SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was considered complete. If trailing junk data was appended ...
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
Vapor is an HTTP web framework for Swift and middleware is a logic chain between the client and a Vapor route handler. FileMiddleware enables the serving of assets from the Public folder of a project to the client. Vapor before 4.60.3 is vulnerable to denial of service due to an integer overflow...
Vapor vulnerable to denial of service in URLEncodedFormDecoder
Vapor is an HTTP web framework for Swift. Vapor versions earlier than 4.61.1 are vulnerable to a denial of service in the URLEncodedFormDecoder...
Inefficient Regular Expression Complexity
A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting XSS - Stored in GitHub repository admidio/admidio prior to 4.2.8...
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Versions of the package yhirose/cpp-httplib before 0.12.4 is vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due ...
Buffer Underwrite ('Buffer Underflow')
c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...
Use of Insufficiently Random Values
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
Uncontrolled Resource Consumption
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
Use of Insufficiently Random Values
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service...
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header
Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other issues. Thi...
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logica...
swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. This vulnerability is caused by a logical error...
swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. There are a number of...
PostgresNIO processes unencrypted bytes from man-in-the-middle
Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim from...
Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header
When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by a proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session cookie to other clients. The severity depends on the...
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version 0.6.1, there is a possible prototype pollution issue for the MetadataRecord, when merged with a base class' metadata object, in meta decorator from the @aedart/support package. The...
Authentication Bypass by Capture-replay
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
Observable Discrepancy
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...
Observable Discrepancy
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Improper Access Control
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Session Fixation
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
Lack of rate limiting will allow an attacker to brute-force user credentials...
Out-of-bounds Read
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read...
Out-of-bounds Read
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3decodeblock out-of-bounds read...
Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3decodeblock...
Out-of-bounds Write
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3decodeblock...
Out-of-bounds Write
An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3decodeblock out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais...
Out-of-bounds Read
An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a...
Improper Authentication
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...
Server-Side Request Forgery (SSRF)
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
Stud42 vulnerable to denial of service
Stud42's API is vulnerable to a denial of service because the API pod can be overloaded by the GraphQL parser...
zstd vulnerable to buffer overrun
A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer overrun...
Incorrect Permission Assignment for Critical Resource
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module...
Hippo4j privilege escalation issue
An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module...