1518 matches found
phpCAS vulnerable to Service Hostname Discovery Exploitation
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service CAS server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-2126...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument tablename leads to sql injection. The attack may be launched remotely. The exploit has been...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public a...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
Deserialization of Untrusted Data
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...
Missing Release of Resource after Effective Lifetime
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
Missing Release of Resource after Effective Lifetime
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Gogs, versions v0.6.5 through v0.12.10 is vulnerable to Stored Cross-Site Scripting XSS that leads to an account takeover...
Cross-Site Request Forgery (CSRF)
In AdGuardHome, versions v0.95 through v0.108.0-b.13 is vulnerable to Cross-Site Request Forgery CSRF, in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules...
URL Redirection to Untrusted Site ('Open Redirect')
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery
When an etcd instance attempts to perform service discovery, if a cluster size is provided as a negative value, the etcd instance will panic without recovery...
Weak Password Requirements
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...
etcd user credentials are stored in WAL logs in plaintext
The etcd assumes that the on disk files are secure. The possible fixes have been provided, however, it is the responsibility of the etcd users to make sure that the etcd server WAL log files are secure...
Improper Validation of Array Index
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime...
etcd vulnerable to TOCTOU of gateway endpoint authentication
The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. Detail The gateway only authenticates endpoints detected from DNS SRV records, and it only authenticates the detected endpoints once...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cloudreve versions v1.0.0 through v3.5.3 is vulnerable to Stored Cross-Site Scripting XSS, via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation...
personnummer/dart vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity...
KubeVirt vulnerable to arbitrary file read on host
As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path traversal was identified. Google tested the exploitability of the paths in the audit report and identified that when combined with another vulnerability one of the...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting XSS - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1...
golang.org/x/net/http2 Denial of Service vulnerability
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
golang.org/x/net/http2 Denial of Service vulnerability
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...
x/crypto/ssh vulnerable to panic via SSH server
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
x/crypto/ssh vulnerable to panic via SSH server
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
Out-of-bounds Write
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow...
Improper Input Validation
A segmentation fault SEGV flaw was found in the Fribidi package and affects the fribidiremovebidimarks function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service...
Out-of-bounds Write
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidicaprtltounicode function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the --caprtl option, leading to a crash and...
Improper Input Validation
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks historical or actual could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality li...
Improper Initialization
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B...
Out-of-bounds Read
Open Asset Import Library assimp commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes...
Out-of-bounds Write
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service...
Duplicate
This advisory duplicates another...
Pinniped Supervisor Insufficient Session Expiration vulnerability
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor before v0.19.0. A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow...
Allocation of Resources Without Limits or Throttling
A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer...
Denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...
Files or Directories Accessible to External Parties
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition...
Use of Hard-coded Credentials
Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...
Exposure of Resource to Wrong Sphere
Ethermint is an Ethereum library. In Ethermint running versions before v0.17.2, the contract selfdestruct invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the DeleteAccountfunction, all contracts that used the identical bytecod...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
Relative Path Traversal
Relative Path Traversal in kubevirt.io/kubevirt...
Improper Authentication
Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2...
Gitea allowed assignment of private issues
In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea there was no permission check for fetching the issue. As a result, the attacker would get access to private issue title...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Adobe Experience Manager Core Components version 2.20.6 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
Insufficient Session Expiration
Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0...
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...
Improper Certificate Validation
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
Improper Certificate Validation
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
Improper Certificate Validation
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
Duplicate
This advisory duplicates another...