1518 matches found
Use of a Broken or Risky Cryptographic Algorithm
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...
Use of a Broken or Risky Cryptographic Algorithm
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3f6-pc54-gfw7. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...
Duplicate advisory: swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a...
Improper Neutralization
Improper Neutralization in github.com/aws/aws-sdk-go/service/s3/s3crypto...
Improper Authentication
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once...
Incomplete Cleanup
An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The hyperlinks functionality in atlaskit/editor-core in allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in link targets...
Incorrect Authorization
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
Server-Side Request Forgery (SSRF)
In Apache Traffic Control Traffic Ops, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file...
Server-Side Request Forgery (SSRF)
In Apache Traffic Control Traffic Ops, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach...
Time-of-check Time-of-use (TOCTOU) Race Condition
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...
Observable Response Discrepancy in Flask-AppBuilder
User enumeration in database authentication in Flask-AppBuilder 3.4.4. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in...
Authentication Bypass by Primary Weakness
Authentication Bypass by Primary Weakness exists in adodb/adodb...
Lookup operations do not take into account wildcards in SpiceDB
SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...
Out-of-bounds Write
GNOME gdk-pixbuf is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals 12...
ANSI escape characters not filtered
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...
Abomonation transmutes &T to and from &[u8] without sufficient constraints
An issue was discovered in the abomonation crate through version 0.7.3 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass...
Use of Uninitialized Resource in acc_reader.
An issue was discovered in the accreader crate through 2020-12-27 for Rust. fillbuf may read from uninitialized memory locations...
Use of Uninitialized Resource in acc_reader.
An issue was discovered in the accreader crate through 2020-12-27 for Rust. readupto may read from uninitialized memory locations...
Out-of-bounds Write in actix-web
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...
Out-of-bounds Write in actix-web
An issue was discovered in the actix-web crate before 0.7.19 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...
Out-of-bounds Write in actix-web
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption...
Allocation of Resources Without Limits or Throttling in Apache Avro
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro and prior versions. Users should update to which addresses this issue...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting XSS vulnerability exits in Anchor CMS =0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations...
Uncontrolled Resource Consumption
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
Out-of-bounds Write
GDAL has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment...
Out-of-bounds Write
Open Asset Import Library aka assimp has a heap-based buffer overflow in m3dsafestr called from m3dload and Assimp::M3DWrapper::M3DWrapper...
Out-of-bounds Write
HarfBuzz has an out-of-bounds write in hbbitsetinvertiblet::set called from hbsparsesett::set and hbsetcopy...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ajax.Releases are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details...
Excessive Platform Resource Consumption within a Loop in Kubernetes
Abusively constructed YAML payload can significantly reduce parsing performance potentially leading to DoS...
Improper Authentication
Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngxhttpauthrequestmodule with Authelia, it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect...
Deserialization of Untrusted Data
In logback version 1.2.9 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers...
Duplicate Advisory: Remote Code Execution in AjaxNetProfessional
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6r7c-6w96-8pvw. This link is maintained to preserve external references. Original Description All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of...
Incorrect Permission Assignment for Critical Resource
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...
URL Redirection to Untrusted Site ('Open Redirect')
The Auth0 Next.js does not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue...
Incorrect Authorization
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...
Improper Authentication in Flask-AppBuilder
Improper authentication on the REST API. Allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. Only affects non database authentication types, and new REST API endpoints...
Observable Discrepancy
Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid non-SSO accounts because /api/v1/session returned 401 for an existing username and 404 otherwise...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in AjaxNetProfessional...
Remote Code Execution in AjaxNetProfessional
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication sharin...
Improper Certificate Validation
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority CA to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...
Improper Certificate Validation
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority CA to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer...
Improper Certificate Validation
Connections initialized by the AWS IoT Device SDK v2 for Java, Python , C++ and Node.js does not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule onward. This issu...
Improper Certificate Validation
Connections initialized by the AWS IoT Device SDK v2 for Java, Python , C++ and Node.js does not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in their trust stores on Windows. This issue has been addressed in aws-c-io submodule onward. This...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...
Cross-Site Request Forgery (CSRF)
twill is vulnerable to Cross-Site Request Forgery CSRF...