1518 matches found
Deserialization of Untrusted Data
A deserialization of untrusted data vulnernerability exists in rails, rails that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...
Cross-Site Request Forgery (CSRF)
A CSRF vulnerability exists in rails rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...
Unrestricted Upload of File with Dangerous Type
A client side enforcement of server side security vulnerability exists in rails and rails ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...
Loop with Unreachable Exit Condition (Infinite Loop)
The x/text package for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an...
Uncontrolled Resource Consumption
GNU Bison allows attackers to cause a denial of service application crash...
Deserialization of Untrusted Data
phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution discovered, tested, and confirmed by myself, so the risk factor should be regarded as very high...
Server-Side Request Forgery (SSRF)
The Kubernetes kube-controller-manager is vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to bytes of arbitrary information from unprotected endpoints within the master's host network such as link-local or loopback services...
Information disclosure issue in Active Resource
There is a possible information disclosure issue in Active Resource v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information...
Path Traversal
There is a vulnerability in actionpackpage-caching that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...
URL Redirection to Untrusted Site (Open Redirect)
macaron before has an open redirect in the static handler...
Information Exposure
Actions Http-Client can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: make an http request with an authorization header that request leads to a redirect 302 the redirect url redirects to...
Cross-site Scripting
Anch allows admins to cause XSS via crafted post content...
Injection Vulnerability
cpp-httplib does not filter \r\n in parameters passed into the setredirect and setheader functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts...
Cross-site Scripting
Jenkins AWSEB Deployment Plugin does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability...
Improper Restriction of Operations within the Bounds of a Memory Buffer
An issue was discovered in USC iLab cereal. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if the archive is...
Release of Invalid Pointer or Reference
An issue was discovered in USC iLab cereal. It employs caching of std::sharedptr values, using the raw pointer address as a unique identifier. This becomes problematic if a std::sharedptr variable goes out of scope and is freed, and a new std::sharedptr is allocated at the same address...
Allocation of Resources Without Limits or Throttling
The Kubelet component has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port, and the authenticated HTTPS API typically served on port...
Allocation of Resources Without Limits or Throttling
The Kubernetes API server component has been found to be vulnerable to a denial of service attack via successful API requests...
Cross-site Scripting
In ActionView there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escapejavascript methods may be susceptible to XSS...
SQL Injection
In Administrate rubygem, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord SQL protections. Whils...
Improper Verification of Cryptographic Signature
golang.org/x/crypto allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...
Insufficiently Protected Credentials
Jenkins Applatix Plugin stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
Inclusion of Functionality from Untrusted Control Sphere
The 1 createbranch, 2 createtag, 3 importproject, and 4 forkproject functions in lib/gitlabprojects.rb allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface...
Improper Privilege Management
The parsecmd function in lib/gitlabshell.rb allows remote authenticated users to gain privileges and clone arbitrary repositories...
Information Exposure
GSocketClient in GNOME GLib may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest...
Insufficiently Protected Credentials
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross-Site Request Forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Loop with Unreachable Exit Condition (Infinite Loop)
Istio allows Denial of Service because continueonlistenerfilterstimeout is set to True...
Out-of-bounds Read
In Apache Thrift, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...
Loop with Unreachable Exit Condition (Infinite Loop)
In Apache Thrift, a server or client may run into an endless loop when feed with specific input data...
Improper Authentication
Auth0 auth0.net has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens...
XML Entity Expansion
go-yaml is vulnerable to a Billion Laughs Attack...
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The File Session Manager in Beego allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions...
Incorrect Default Permissions
The File Session Manager in Beego allows local users to read session files because of weak permissions for individual files...
Improper Authentication
Improper authentication is possible in Apache Traffic Control versions if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password...
Credentials Management
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver which make use of basic or bearer token authentication, and run at high verbosity...
Incorrect Default Permissions
In kubelet, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 root on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not...
Incorrect Regular Expression
Istio mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Premium Software CLEdit The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link A element...
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...
Improper Input Validation
Istio mishandles certain access tokens, leading to Epoch 0 terminated with an error in Envoy. This is related to a jwtauthenticator.cc segmentation fault...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in @apollo/gateway...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafte...
Cross-site Scripting
XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. This...
Improper Access Control
Istio has Incorrect Access Control...
Improper Certificate Validation
An issue was discovered in Hybrid Group Gobot. The mqtt subsystem skips verification of root CA certificates by default...
Server Side Request Forgery in Apache Axis
A Server Side Request Forgery SSRF vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration...
Incorrect Permission Assignment for Critical Resource
In Kubernetes, schema info is cached by kubectl in the location specified by --cache-dir defaulting to $HOME/.kube/http-cache, written with world-writeable permissions rw-rw-rw-. If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files ma...
Generation of Error Message Containing Sensitive Information
Auth0 Auth0-WCF-Service-JWT leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...