1489 matches found
Multiple memory safety issues in actix-web
Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the Send marker trait to objects that cannot be safely sent between threads This may result in a variety of memory...
Free of uninitialized memory in adtensor
An issue was discovered in the adtensor crate through 0.0.3 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...
HTTP Request Smuggling in actix-http
Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...
Double free in algorithmica
An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. In the affected versions of this crate, mergesort::merge wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking mergesort::merge on Vec can cause...
Data race in abox
Affected versions of this crate implements Send/Sync for AtomicBox without requiring T: Send/T: Sync. This allows to create data races to T: !Sync and send T: !Send to another thread. Such behavior breaks the compile-time thread safety guarantees of Rust, and allows users to incur undefined...
Update unsound DrainFilter and RString::retain
An issue was discovered in the abistable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop...
Update unsound DrainFilter and RString::retain
An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...
Use of Uninitialized Resource in alg_ds
An issue was discovered in the algds crate through 2020-08-25 for Rust. Matrix::new internally calls Matrix::fillwith which uses ptr = value pattern to initialize the buffer. This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of...
Argo Server TLS requests could be forged by attacker with network access
Impact We are not aware of any exploits. This is a pro-active fix. Impacted: You are running Argo Server = v3.0 with --secure unspecified note - running in secure mode is recommended regardless. The attacker is within your network. If you expose Argo Server to the Internet then "your network" is...
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client`
Impact This is pro-active fix. No know exploits exist. Impacted: You're running Kubernetes = v1.19 You're running Argo Server It is configured to with --auth-mode=client Is not configured with --auth-mode=server You are not running Argo Server in Kubernetes pod. E.g. on bare metal or other VM...
Path Traversal
bblfshd is an open source self-hosted server for source code parsing. In bblfshd there is a zipslip vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. This issue may le...
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...
Improper Input Validation
In Argo Workflows through 3.1.3, if EXPRESSIONTEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
Improper Restriction of XML External Entity Reference
The package glances are vulnerable to XML External Entity XXE Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...
Open Redirect in Flask-User
This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...
Remote Code Execution via unsafe classes in otherwise permitted modules
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
Incorrect Permission Assignment for Critical Resource
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in github.com/argoproj/argo-workflows...
Incorrect Access Control in Nacos
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...
Incorrect Permission Assignment for Critical Resource
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Zope is an open-source web application server. Zope versions have a remote code execution security issue...
Improper Restriction of Excessive Authentication Attempts
As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence...
Insecure Default Initialization of Resource
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be ke...
Out-of-bounds Write
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out-of-bounds write on the heap with the possibility of remote code execution...
Uncontrolled Resource Consumption
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting XSS vulnerability in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown...
URL Redirection to Untrusted Site ('Open Redirect')
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirectto parameter, related to the function isValidRedirect in routes/user/auth.go...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...
URL Redirection to Untrusted Site (Open Redirect)
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link...
Cross-site Scripting
nextjs-auth0 lacks HTML escaping for error messages...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted...
Repository credentials passed to alternate domain
While working on the Helm source, a Helm core maintainer discovered a situation where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Impact The index.yaml within a Helm chart repository contains a...
Inadequate Encryption Strength
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making ...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended director...
Improper Certificate Validation
Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting in a panic via a malformed X.509 certificate...
Exposure of Sensitive Information to an Unauthorized Actor
Helm is a tool for managing Charts packages of pre-configured Kubernetes resources. In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. Thi...
Missing Authentication for Critical Function
The vulnerability allows an attacker to substitute or modify packages retrieved from BC thus allowing to inject malicious code into ballerina executables...
Exposure of Resource to Wrong Sphere
The Jetpack Carousel module of the JetPack WordPress plugin allows users to create a carousel type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhgvcs that allowed the comments of non-published page/posts to...
Improper Authentication
Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps, new user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within the app, as well as any...
Uncontrolled Resource Consumption
JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service e.g., disable access to the database after the attack stops via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are...
Open redirect in Flask-Unchained
This affects the package Flask-Unchained before 0.9.0. When using the the validateredirecturl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only exploitable if an...
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to and...
Improper Input Validation
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The media2click aka 2 Clicks for External Media extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account...
Deserialization of Untrusted Data
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...
Improper Verification of Cryptographic Signature
bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs...
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In addition to these signatures, the ESDK uses AES-GCM encryption and all plaintext is verified before being released to a caller. There is no impact on the...
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages...
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated...