1489 matches found
Out-of-bounds Write
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Cross-site Scripting
Users of the HAPI FHIR Testpage Overlay can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believ...
Improper Input Validation
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or...
Improper Input Validation
In the @actions/core npm module, addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modified...
Information Exposure
Nacos suffers from a flaw where users can access service details when unauthenticated. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged...
Improper Input Validation
xmlquery lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service SIGSEGV at xmlquery.Node.InnerText or possibly have unspecified other impact...
Buffer Overflow
A buffer overflow exists in the Brotli library where an attacker controlling the input length of a one-shot decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB...
Cross-site Scripting
In Action View there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default...
Improper Input Validation
apollo-adminservice does not implement access controls. If users expose apollo-adminservice to internet (which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it does not have access control built-in. Malicious hackers may access...
Malicious Package
All versions of 1337qq-js contain malicious code. The package exfiltrates sensitive information through install scripts. It targets UNIX systems. The information exfiltrated includes: - Environment variables - Running processes - /etc/hosts - uname -a - npmrc file Remove the package from your...
Malicious Package
of 8.9.4 contain malicious code as a preinstall script. The package reads the system's SSH keys but does not upload it to a remote server. Remove the package from your environment. There is no evidence of further compromise at the moment...
Malicious Package
All versions of 4equest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process w...
Use After Free
GNU Bison has a use-after-free in obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was...
Path Traversal
The resolveRepositoryPath function does not properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of t...
Improper Authentication
The Kubelet and kube-proxy components were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but...
Uncontrolled Resource Consumption
The Kubernetes kubelet component does not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of dat...
URL Redirection to Untrusted Site (Open Redirect)
The Kubernetes kube-apiserver is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise...
Improper Control of Generation of Code ('Code Injection')
There is a code injection vulnerability in versions of Rails that would allow an attacker who controlled the locals argument of a render call to perform a RCE...
False positive
This advisory has been marked as a False Positive and has been removed...
Information Exposure
An issue was discovered in the acf-to-rest-api plugin for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and password values...
Deserialization of Untrusted Data
A deserialization of untrusted data vulnerability exists in rails, rails that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
Unrestricted Upload of File with Dangerous Type
A client side enforcement of server side security vulnerability exists in rails and rails ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...
Cross-Site Request Forgery (CSRF)
A CSRF vulnerability exists in rails rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...
Loop with Unreachable Exit Condition (Infinite Loop)
The x/text package for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an...
Uncontrolled Resource Consumption
GNU Bison allows attackers to cause a denial of service application crash...
Deserialization of Untrusted Data
phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution (discovered, tested, and confirmed by myself), so the risk factor should be regarded as very high...
Server-Side Request Forgery (SSRF)
The Kubernetes kube-controller-manager is vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to bytes of arbitrary information from unprotected endpoints within the master's host network such as link-local or loopback services...
Information disclosure issue in Active Resource
There is a possible information disclosure issue in Active Resource v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information...
Path Traversal
There is a vulnerability in actionpack_page-caching that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...
URL Redirection to Untrusted Site (Open Redirect)
macaron before has an open redirect in the static handler...
Information Exposure
Actions Http-Client can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: make an http request with an authorization header that request leads to a redirect 302 the redirect url redirects to...
Cross-site Scripting
Anch allows admins to cause XSS via crafted post content...
Injection Vulnerability
cpp-httplib does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts...
Cross-site Scripting
Jenkins AWSEB Deployment Plugin does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability...
Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in USC iLab cereal. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if the archive is...
Release of Invalid Pointer or Reference
An issue was discovered in USC iLab cereal. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if a std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address...
Allocation of Resources Without Limits or Throttling
The Kubelet component has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port, and the authenticated HTTPS API typically served on port...
Allocation of Resources Without Limits or Throttling
The Kubernetes API server component has been found to be vulnerable to a denial of service attack via successful API requests...
Cross-site Scripting
In ActionView there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS...
SQL Injection
In Administrate rubygem, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord SQL protections. Whils...
Improper Verification of Cryptographic Signature
golang.org/x/crypto allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...
Insufficiently Protected Credentials
Jenkins Applatix Plugin stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
Inclusion of Functionality from Untrusted Control Sphere
The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb allow remote authenticated users to include information from local files into the metadata of a Git repository via the web interface...
Improper Privilege Management
The parse_cmd function in lib/gitlab_shell.rb allows remote authenticated users to gain privileges and clone arbitrary repositories...
Information Exposure
GSocketClient in GNOME GLib may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest...
Insufficiently Protected Credentials
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross-Site Request Forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Loop with Unreachable Exit Condition (Infinite Loop)
Istio allows Denial of Service because continue_on_listener_filters_timeout is set to True...
Loop with Unreachable Exit Condition (Infinite Loop)
In Apache Thrift, a server or client may run into an endless loop when fed with specific input data...