1518 matches found
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting XSS the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...
Helm OCI credentials leaked into Argo CD logs
Impact When Argo CD was connected to a Helm OCI repository with authentication enabled, the credentials used for accessing the remote repository were logged. Anyone with access to the pod logs - either via access with appropriate permissions to the Kubernetes control plane or a third party log...
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB. The functions RandomAlphaNumericint and CryptoRandomAlphaNumericint are not as random as they should be...
Local directory executable lookup in sops (Windows-only)
Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...
Improper Input Validation
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash...
Improper Input Validation
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash...
Improper Authentication
Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct...
Improper Preservation of Permissions
In Gogs 0.11.91, MakeEmailPrimary in models/usermail.go lacks a "not the owner of the email" check...
Insertion of Sensitive Information into Log File
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it...
Improper Access Control
go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the...
Missing Authorization
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks...
Loop with Unreachable Exit Condition ('Infinite Loop')
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...
Out-of-bounds Read
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
Prototype pollution in 101
Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause a denial of service and may lead to remote code execution...
Open Redirect in Flask-Security-Too
Flask-Security allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc network location as the requesting URL. This check utilizes Pythons...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ACS Commons version 4.9.2 and earlier suffers from a Reflected Cross-site Scripting XSS vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content...
Use After Free
A possible use-after-free and double-free in c-ares lib if aresdestroy is called prior to aresgetaddrinfo completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability...
Missing Authorization
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
Uncontrolled Resource Consumption
JPA Server in HAPI FHIR allows a user to deny service e.g., disable access to the database after the attack stops via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many...
Server-Side Request Forgery (SSRF)
An SSRF issue in Open Distro for Elasticsearch ODFE allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope...
Missing Authentication for Critical Function
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the...
Missing Authentication for Critical Function
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly...
Authentication Bypass by Spoofing
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...
Authentication Bypass by Spoofing
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos, when configured to use authentication -Dnacos.core.auth.enabled=true it uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos server...
Out-of-bounds Read
An issue was discovered in giflib DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read...
Out-of-bounds Read
A heap-based buffer over-read was discovered in cpp-peglib's peg::resolveescapesequence in peglib.h...
NULL Pointer Dereference
A NULL pointer dereference was discovered in cpp-peglib's peg::AstOptimizer::optimize located in peglib.h. It allows an attacker to cause a Denial of Service...
Cross-Site Request Forgery
Cross-Site Request Forgery in Flask-Security-Too...
Integer Overflow or Wraparound
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
Stack-based Buffer Overflow
A flaw was found in cairo's image-compositor.c in all This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input to cause a stack...
Improper Link Resolution Before File Access
When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled...
Observable Timing Discrepancy
The activerecord-sessionstore aka Active Record Session Store component for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a...
Insecure Temporary File
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root...
Observable Timing Discrepancy
Constant-time computations are not used for certain decoding and encoding operations base32, base58, base64, and hex...
Incorrect Conversion between Numeric Types
An issue was discovered in GNOME GLib The function gbytesnew has an integer overflow on platforms due to an implicit cast from bits to bits. The overflow could potentially lead to memory corruption...
Incorrect Conversion between Numeric Types
An issue was discovered in GNOME GLib If gbytearraynewtake was called with a buffer of 4GB or more on a platform, the length would be truncated modulo 232, causing unintended length truncation...
Uncontrolled Resource Consumption
In Apache Thrift to, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service...
Uncontrolled Resource Consumption
The PostgreSQL adapter in Active Record suffers from a regular expression denial of service REDoS vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the...
Integer Overflow or Wraparound
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...
NULL Pointer Dereference
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
NULL Pointer Dereference
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
NULL Pointer Dereference
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
NULL Pointer Dereference
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
Integer Overflow or Wraparound
An integer overflow issue exists in Godot Engine that can be triggered when loading specially crafted TGA image files...
Out-of-bounds Write
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...
Key Caching behavior in the DynamoDB Encryption Client.
Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...
Use After Free
Acrobat Reader DC versions versions 2020.013.20074 and earlier, 2020.001.30018 and earlier and 2017.011.30188 and earlier are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current...
Regular Expression Denial of Service
The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...
Incorrect Permission Assignment for Critical Resource
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control to to, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP...