1518 matches found
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
An authenticated Admin user could craft HTTP requests to filter users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and...
Duplicate
This advisory duplicates another...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...
Incorrect Authorization
All unpatched versions of Argo CD starting with v1.0.0 is vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level...
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...
Cross site scripting in ameos_tarteaucitron
The ameostarteaucitron aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible extension before 1.2.23 for TYPO3 allows XSS...
Exposure of Resource to Wrong Sphere
Azure Storage Library Information Disclosure Vulnerability...
Incorrect Authorization
All unpatched versions of Argo CD starting with v1.0.0 is vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level...
Exposure of Resource to Wrong Sphere
Azure Storage Library Information Disclosure Vulnerability...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting XSS bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This...
RCE bug with Serialized Columns in Active Record
When serialized columns that use YAML the default are deserialized, Rails uses YAML.unsafeload to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database via means like SQL injection, then it may be possible for the attacker to escalate to an RCE. There are no...
Improper Certificate Validation
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious or otherwise untrustworthy OpenID Connect OIDC...
Improper Authentication
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The leafInfo.match function in Beego v2.0.3 and below uses path.join to deal with wildcardvalues which can lead to cross directory risk...
Improper Authentication
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The leafInfo.match function in Beego v2.0.3 and below uses path.join to deal with wildcardvalues which can lead to cross directory risk...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Admidio 4.1.2 version is affected by stored cross-site scripting XSS...
Missing Release of Memory after Effective Lifetime
DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack...
Double Free
DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack...
NULL Pointer Dereference
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack...
Missing Release of Memory after Effective Lifetime
DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
OFFIS DCMTK's All versions prior to 3.6.7 service class provider SCP is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
OFFIS DCMTK's All versions prior to 3.6.7 service class user SCU is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution...
NULL Pointer Dereference
OFFIS DCMTK's All versions prior to 3.6.7 has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Improper Privilege Management
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
Improper Privilege Management
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
Integer Overflow or Wraparound
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS via unspecified vectors...
DoS through large manifest files in Argo CD
Impact All versions of Argo CD starting with v0.7.0 is vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service. The repo-server is a critical component of Argo CD, so crashing the repo-server effectively denies core Argo CD...
DoS through large manifest files in Argo CD
Impact All versions of Argo CD starting with v0.7.0 is vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service. The repo-server is a critical component of Argo CD, so crashing the repo-server effectively denies core Argo CD...
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows...
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
Impact All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in github.com/argoproj/argo-cd/v2...
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Impact All unpatched versions of Argo CD starting with v1.3.0 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be use...
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Impact All unpatched versions of Argo CD starting with v1.3.0 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be use...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in github.com/argoproj/argo-cd...
Relative Path Traversal
Relative Path Traversal in github.com/argoproj/argo-events...
Uncontrolled Resource Consumption
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...
`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
abomonation transmutes &T to and from &[u8] without sufficient constraints
This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...
Missing Release of Memory after Effective Lifetime
A memory leak out-of-memory in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file...
Out-of-bounds Read
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress...
Unsafe deserialization in com.alibaba:fastjson
The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...
Server-side request forgery in Apache Dubbo
bypass CVE-2021-25640 In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the allowed host check which can cause open redirect or SSRF vulnerability...
OS Command Injection in file editor in Gogs
Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches File deletions are prohibited to repository...
Path Traversal in file editor on Windows in Gogs
Impact The malicious user is able to delete and upload arbitrary files. All installations on Windows with repository upload enabled default are affected. Patches Path cleaning has accommodated for Windows. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds N/A References...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in gogs.io/gogs...
Path Traversal in Git HTTP endpoints in Gogs
Impact The malicious user is able to craft HTTP requests to access unauthorized Git directories. All installations with are affected. Patches Path cleaning has accommodated for Git HTTP endpoints. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds N/A References...
Server-Side Request Forgery in gogs webhook
Server-Side Request Forgery SSRF in GitHub repository gogs/gogs prior to 0.12.8...
OS Command Injection in gogs
Impact The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled default are affected. Patches Repository file uploads are prohibited to its .git directory. Users shou...