1518 matches found
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter...
Files or Directories Accessible to External Parties
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem...
Improper Input Validation
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address...
Use of a Broken or Risky Cryptographic Algorithm
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM and other AEAD ciphers such as AES-GCM-SIV or XChaCha20Poly1305 used by the SDKs to encrypt messages, an attacker can craft a...
Improper Input Validation
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address...
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Cobbler before 3.3.0 allows authorization bypass for modification of settings...
Cobbler before 3.3.0 allows log poisoning
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection...
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
Cobbler before 3.3.0 allows arbitrary file write operations via uploadlogdata...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
Externally Controlled Reference to a Resource in Another Sphere
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...
Externally Controlled Reference to a Resource in Another Sphere
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack...
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina
Impact Anyone who is using the default presets and/or does not handle the functionality themself. Patches It has not been patched yet. Workarounds Fully custom presets that change the entire rendering process which can then escape the user input. For more information Even though that I changed al...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting XSS vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page...
Cross-site Scripting
Cross Site Scripting XSS vulnerability exists in the admin panel in Beego via the URI path in an HTTP request, which is activated by administrators viewing the Request Statistics page...
Flask-AppBuilder Open Redirect vulnerability
If using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability...
URL Redirection to Untrusted Site ('Open Redirect')
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
Use of a Broken or Risky Cryptographic Algorithm
The ElGamal implementation in Botan, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's...
URL Redirection to Untrusted Site (Open Redirect)
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
Incorrect Authorization
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook.Validating Admission Webhook does not observe some previous fields...
Weak Password Recovery Mechanism for Forgotten Password
Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0...
Improper Handling of Case Sensitivity
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...
Incorrect Authorization
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...
Improper Handling of Case Sensitivity
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...
Use-after-free in actix-codec
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...
Use-after-free in actix-http
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
HTTP Request Smuggling in actix-http
Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...
Multiple memory safety issues in actix-web
Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the Send marker trait to objects that cannot be safely sent between threads This may result in a variety of memory...
Use after free in actix-service
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
Use after free in actix-utils
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
Use of Uninitialized Resource in alg_ds
An issue was discovered in the algds crate through 2020-08-25 for Rust. Matrix::new internally calls Matrix::fillwith which uses ptr = value pattern to initialize the buffer. This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of...
Double free in algorithmica
An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. In the affected versions of this crate, mergesort::merge wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking mergesort::merge on Vec can cause...
Free of uninitialized memory in adtensor
An issue was discovered in the adtensor crate through 0.0.3 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...
Update unsound DrainFilter and RString::retain
An issue was discovered in the abistable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop...
Update unsound DrainFilter and RString::retain
An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...
Data race in abox
Affected versions of this crate implements Send/Sync for AtomicBox without requiring T: Send/T: Sync. This allows to create data races to T: !Sync and send T: !Send to another thread. Such behavior breaks the compile-time thread safety guarantees of Rust, and allows users to incur undefined...
Improper Control of Generation of Code ('Code Injection')
@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream SCSt microservice. arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to upda...
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client`
Impact This is pro-active fix. No know exploits exist. Impacted: You're running Kubernetes = v1.19 You're running Argo Server It is configured to with --auth-mode=client Is not configured with --auth-mode=server You are not running Argo Server in Kubernetes pod. E.g. on bare metal or other VM...
Argo Server TLS requests could be forged by attacker with network access
Impact We are not aware of any exploits. This is a pro-active fix. Impacted: You are running Argo Server = v3.0 with --secure unspecified note - running in secure mode is recommended regardless. The attacker is within your network. If you expose Argo Server to the Internet then "your network" is...
Path Traversal
bblfshd is an open source self-hosted server for source code parsing. In bblfshd there is a zipslip vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. This issue may le...
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...
Open Redirect in Flask-User
This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...
Improper Input Validation
In Argo Workflows through 3.1.3, if EXPRESSIONTEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
Improper Restriction of XML External Entity Reference
The package glances are vulnerable to XML External Entity XXE Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...
Remote Code Execution via unsafe classes in otherwise permitted modules
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
Incorrect Permission Assignment for Critical Resource
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Incorrect Permission Assignment for Critical Resource
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in github.com/argoproj/argo-workflows...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Zope is an open-source web application server. Zope versions have a remote code execution security issue...
Incorrect Access Control in Nacos
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...