1489 matches found
Authentication Bypass by Capture-replay
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used throughout the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...
Observable Discrepancy
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...
Observable Discrepancy
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Improper Access Control
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Session Fixation
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
Lack of rate limiting will allow an attacker to brute-force user credentials...
Out-of-bounds Write
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block...
Out-of-bounds Write
An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais...
Out-of-bounds Read
An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a...
Out-of-bounds Read
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read...
Out-of-bounds Read
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read...
Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block...
Improper Authentication
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...
Server-Side Request Forgery (SSRF)
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
Stud42 vulnerable to denial of service
Stud42's API is vulnerable to a denial of service because the API pod can be overloaded by the GraphQL parser...
zstd vulnerable to buffer overrun
A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer overrun...
Incorrect Permission Assignment for Critical Resource
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module...
Hippo4j privilege escalation issue
An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module...
dio vulnerable to CRLF injection with HTTP method string
The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669...
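The advisory above describes the class of bug; the block below is an added example by the editor, written in Go rather than Dart, and is not code from the dio package. It shows the vulnerable pattern (interpolating an attacker-controlled method string straight into the request line, which lets CR/LF smuggle an extra header) beside the check that closes it: the method must be a non-empty RFC 9110 token. The function names, the request-head layout and the attacker string are all constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// isTchar reports whether b is an RFC 9110 tchar: the characters permitted
// in an HTTP method name (and in header field names). CR, LF, SP and the
// separators are deliberately absent.
func isTchar(b byte) bool {
	switch {
	case b >= 'a' && b <= 'z', b >= 'A' && b <= 'Z', b >= '0' && b <= '9':
		return true
	}
	return strings.IndexByte("!#$%&'*+-.^_`|~", b) >= 0
}

// ValidMethod returns nil when method is a non-empty token. This is the
// check a client must run before a caller-supplied method reaches the wire.
func ValidMethod(method string) error {
	if method == "" {
		return errors.New("empty method")
	}
	for i := 0; i < len(method); i++ {
		if !isTchar(method[i]) {
			return fmt.Errorf("invalid byte %q in method at offset %d", method[i], i)
		}
	}
	return nil
}

// UnsafeRequestHead is the vulnerable shape: the method is written into the
// request line without validation. (Constructed for the example.)
func UnsafeRequestHead(method, path, host string) string {
	return fmt.Sprintf("%s %s HTTP/1.1\r\nHost: %s\r\n\r\n", method, path, host)
}

// SafeRequestHead validates the method first and refuses to build a request
// head from anything that is not a token.
func SafeRequestHead(method, path, host string) (string, error) {
	if err := ValidMethod(method); err != nil {
		return "", err
	}
	return UnsafeRequestHead(method, path, host), nil
}

// HeaderLines splits a request head into its CRLF-delimited lines, which
// makes a smuggled header show up as a line of its own.
func HeaderLines(head string) []string {
	return strings.Split(strings.TrimSuffix(head, "\r\n\r\n"), "\r\n")
}

func main() {
	// Constructed attacker input: a "method" that carries its own request
	// line and an injected header, leaving the real path on a junk header.
	evil := "GET /?x=1 HTTP/1.1\r\nX-Injected: yes\r\nIgnored:"
	for _, l := range HeaderLines(UnsafeRequestHead(evil, "/real", "example.test")) {
		fmt.Printf("unsafe client wrote: %q\n", l)
	}
	_, err := SafeRequestHead(evil, "/real", "example.test")
	fmt.Println("safe client:", err)
}
```

The same token check applies to any other header-position value a caller can influence (header names, the request target); rejecting the input is preferable to stripping CR and LF, because a sanitiser that only strips those two bytes is easy to get wrong.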
CairoSVG improperly processes SVG files loaded from external resources
When CairoSVG processes an SVG file, it can make requests both to internal hosts and to arbitrary external hosts, and it waits for a response from the external server after a successful TCP handshake. This will cause the server to han...
Exposure of Sensitive Information in OpenGoofy Hippo4j
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module...
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None. Fixed Versions: 7.0.4.3, 6.1.7.3. Impact: ActiveSupport uses...
Improper Control of Generation of Code ('Code Injection')
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Relative Path Traversal
Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.convertors...
Relative Path Traversal
Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.utilities...
Relative Path Traversal
Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.core...
Relative Path Traversal
Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.r5...
Relative Path Traversal
Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.r4b...
Relative Path Traversal
Relative Path Traversal in ca.uhn.hapi.fhir:org.hl7.fhir.validation...
Use of Hard-coded Credentials
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Improper Input Validation
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...
nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars
Multiplication of certain unreduced P-256 scalars produces incorrect results. There are no protocols known at this time that can be attacked due to this. From the fix commit notes: Unlike the rest of nistec, the P-256 assembly does not use complete addition formulas, meaning that...
api-platform/core's secured properties may be accessible within collections
API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...
Uncontrolled Resource Consumption
This advisory has been marked as a false positive...
Uncontrolled Resource Consumption
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service...
Uncontrolled Resource Consumption
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...
Uncontrolled Resource Consumption
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A vulnerability in ActiveRecord 6.0.6.1, 6.1.7.1 and 7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...
Inefficient Regular Expression Complexity
A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...
Exposure of Sensitive Information to an Unauthorized Actor
Helm is a tool that streamlines installing and managing Kubernetes applications. getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS...
Uncontrolled Resource Consumption
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.request_content_length,...
Uncontrolled Resource Consumption
opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.request_content_length,...
Go SSH library vulnerable to Man-in-the-Middle attacks
The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a host key verification mechanism...
Go SSH library vulnerable to Man-in-the-Middle attacks
The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a host key verification mechanism...
Improper Input Validation in etcd
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...
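The failure mode in the advisory above, a length field read from the file and trusted when sizing a buffer, is common to any length-prefixed record format. The block below is an added example by the editor; it is not etcd's code and does not reproduce the etcd WAL layout. It uses a constructed frame format (8-byte little-endian length, then that many payload bytes) and an assumed cap, MaxRecordSize, to show the unchecked decoder beside one that validates the length against both the cap and the bytes actually present before allocating anything.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// MaxRecordSize is an assumed hard cap for the example. A real reader derives
// it from the largest record the format can legitimately contain.
const MaxRecordSize = 1 << 20

var (
	ErrShortFrame = errors.New("frame header truncated")
	ErrOversized  = errors.New("record length exceeds cap")
	ErrTruncated  = errors.New("record payload truncated")
)

// DecodeRecordUnchecked is the vulnerable shape: the length field is used as
// an allocation size before anything is checked. A forged length such as
// 1<<62 makes the runtime panic (makeslice: len out of range); a length that
// is merely large exhausts memory instead.
func DecodeRecordUnchecked(frame []byte) ([]byte, error) {
	if len(frame) < 8 {
		return nil, ErrShortFrame
	}
	n := binary.LittleEndian.Uint64(frame[:8])
	buf := make([]byte, n) // size chosen by whoever wrote the frame
	copy(buf, frame[8:])
	return buf, nil
}

// DecodeRecord checks the claimed length against the cap and against the
// remaining input before allocating, so a forged length costs nothing. It
// returns the payload and the unread remainder of the input.
func DecodeRecord(frame []byte) (payload, rest []byte, err error) {
	if len(frame) < 8 {
		return nil, nil, ErrShortFrame
	}
	n := binary.LittleEndian.Uint64(frame[:8])
	if n > MaxRecordSize {
		return nil, nil, fmt.Errorf("%w: %d > %d", ErrOversized, n, MaxRecordSize)
	}
	body := frame[8:]
	if uint64(len(body)) < n {
		return nil, nil, fmt.Errorf("%w: want %d bytes, have %d", ErrTruncated, n, len(body))
	}
	payload = make([]byte, n)
	copy(payload, body[:n])
	return payload, body[n:], nil
}

// EncodeRecord builds a well-formed frame; used to construct sample input.
func EncodeRecord(payload []byte) []byte {
	out := make([]byte, 8+len(payload))
	binary.LittleEndian.PutUint64(out, uint64(len(payload)))
	copy(out[8:], payload)
	return out
}

// ForgedFrame is a constructed frame whose length field claims far more data
// than the four payload bytes that follow it.
func ForgedFrame(claimed uint64) []byte {
	out := make([]byte, 8)
	binary.LittleEndian.PutUint64(out, claimed)
	return append(out, []byte("stub")...)
}

func main() {
	p, _, err := DecodeRecord(EncodeRecord([]byte("hello")))
	fmt.Printf("valid frame: %q err=%v\n", p, err)

	_, _, err = DecodeRecord(ForgedFrame(1 << 62))
	fmt.Println("forged frame, checked decoder:", err)

	// The unchecked decoder panics on the same input; recover so the
	// program can report it instead of crashing.
	defer func() { fmt.Println("forged frame, unchecked decoder:", recover()) }()
	DecodeRecordUnchecked(ForgedFrame(1 << 62))
}
```

Both bounds matter: the cap alone still lets a frame that claims 1 MiB but carries four bytes allocate the full megabyte per frame, and the remaining-input check alone is useless for streaming readers that have not yet seen the whole file.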
Exposure of Sensitive Information in EVE-SRP
A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may ...