7044 matches found
Authenticated Local Privilege Escalation vulnerability in Intel Optimization for Tensorflow
Improper buffer restrictions in the IntelR Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access...
FaucetSDN Ryu Denial of Service Vulnerability
An issue was discovered in OFPQueueGetConfigReply in parser.py in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service DoS infinite loop...
RDiffWeb vulnerable to Allocation of Resources Without Limits or Throttling
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0...
Fides Webserver Vulnerable to Zip Bomb File Uploads
ImpactThe Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver.This...
ScanCode.io command injection in docker image fetch process
Command Injection in docker fetch process SummaryA possible command injection in the docker fetch process as it allows to append malicious commands in the dockerreference parameter. DetailsIn the function scanpipe/pipes/fetch.py:fetchdockerimage1 the parameter dockerreference is user controllable...
Privilege escalation via ApiTokensEndpoint
ImpactAn attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests.There is no evidence that the issue was exploited on https://sentry.io. For...
Fides Webserver Vulnerable to SVG Bomb File Uploads
ImpactThe Fides webserver is vulnerable to a type of Denial of Service DoS attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs similar to a billion laughs attack, causing resource exhaustion in Admin UI browser tabs and creating a persistent denial ...
Apache Airflow Apache Hive Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.Patching on top of CVE-2023-35797Before6.1.2the proxyuser option can also inject semicolon.This issue affects Apache Airflow Apache Hive Provider: before 6.1.2.It is recommended updating...
Keylime's registrar vulnerable to Denial-of-service attack via a single open connection
ImpactKeylime registrar is prone to a simple denial of service attack in which an adversary opens a connection to the TLS port by default, port 8891 blocking further, legitimate connections. As long as the connection is open, the registrar is blocked and cannot serve any further clients agents an...
Denial of service in neutron
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
ImpactKiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introducedchanges which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed...
Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection.In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...
gRPC connection termination issue
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...
yt-dlp File Downloader cookie leak
ImpactDuring file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host.This vulnerable behavior is present in all versions of youtube-dl...
Apache Superset Server-Side Request Forgery vulnerability
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability existsin...
gRPC Reachable Assertion issue
There exists an vulnerability causing an abort to be called in gRPC.The following headers cause gRPC's C++ implementation to abort when called via http2:te: x x != trailers:scheme: x x != http, httpsgrpclbclientstats: x x == anythingOn top of sending one of those headers, a later header must be...
Apache Superset vulnerable to Exposure of Sensitive Information
An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API.This issue affects Apache Superset version 1.3.0 up to 2.0.1...
Reportlab vulnerable to remote code execution
Reportlab up to and including v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file...
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload
ImpactKiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded and Content-Security-Policy definition to prevent cross-site-scripting attacks. The...
Apache Airflow ODBC Provider Argument Injection vulnerability
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider.In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...
kiwitcms vulnerable to stored XSS via unrestricted files upload
ImpactKiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded, see GHSA-fwcf-753v-fgcj and Content-Security-Policy definition to prevent...
jcvi vulnerable to Configuration Injection due to unsanitized user input
SummaryA configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. PoCThe vulnerable code snippet is...
Apache Airflow JDBC Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission...
hnswlib Double Free vulnerability
Hnswlib 0.7.0 has a double free in initindex when the M argument is a large integer...
Connection confusion in gRPC
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...
Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.Thisvulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...
PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop.This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a...
PyPDF2 quadratic runtime with malformed PDF missing xref marker
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime.This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. Patcheshttps://github.com/py-pdf/pypdf/pull/808 WorkaroundsIs...
pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
ImpactAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if parsecontentstream is executed. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the...
Improper Restriction of Excessive Authentication Attempts in calibreweb
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20...
Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation
Allegro Tech BigFlow prior to 1.6.0 is vulnerable to Missing SSL Certificate Validation...
Apache superset missing check for default SECRET_KEY
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
Apache Superset vulnerable to Improper Authorization
An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1...
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
ImpactLack of rate limiting will allow an attacker to brute-force user credentials. PatchesAbility to enable rate limiting on Flask-AppBuilder = 4.3.0. Use AUTHRATELIMITED = True and RATELIMITENABLED = True set the limit itself by using AUTHRATELIMIT. Will apply only to database authentication...
Any file can be included with the pymdown-snippets extension
SummaryArbitrary file read when using include file syntax. DetailsBy using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to...
Unrestricted file upload in kiwi TCMS
ImpactKiwi TCMS allows users to upload attachments to test plans, test cases, etc. In earlier versions there is no control over what kinds of files can be uploaded. Thus a malicious actor may upload an .exe file or a file containing embedded JavaScript and trick others into clicking on these file...
Weak Password Requirements in calibreweb
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20...
git-url-parse Regular Expression Denial of Service
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...
kiwi TCMS has possibility for user to update email address to unverified one
ImpactIn previous versions of Kiwi TCMS users were able to update their email addresses via the "My profile" admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. PatchesWith Kiwi TCMS...
configobj ReDoS exploitable by developer using values in a server-side configuration file
All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?\.\. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...
pgAdmin 4 vulnerable to directory traversal
pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user's settings or alter the database...
TensorFlow has Heap-buffer-overflow in AvgPoolGrad
Impactpythonimport osos.environ'TFENABLEONEDNNOPTS' = '0'import tensorflow as tfprinttf.versionwith tf.device"CPU": ksize = 1, 40, 128, 1 strides = 1, 128, 128, 30 padding = "SAME" dataformat = "NHWC" originputshape = 11, 9, 78, 9 grad = tf.saturatecasttf.random.uniform16, 16, 16, 16, minval=-128...
Apache Airflow Drill Provider vulnerable to improper input validation
Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in drill connection is not sanitized...
TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch
ImpactIf the parameter indices for DynamicStitch does not match the shape of the parameter data, it can trigger an stack OOB read.pythonimport tensorflow as tffunc = tf.rawops.DynamicStitchpara='indices': 0xdeadbeef, 405, 519, 758, 1015, 'data': 110.27793884277344, 120.29475402832031,...
TensorFlow vulnerable to integer overflow in EditDistance
ImpactTFversion 2.11.0 //tensorflow/core/ops/arrayops.cc:1067 const Tensor hypothesisshapet = c-inputtensor2; std::vector dimshypothesisshapet-NumElements - 1; for int i = 0; i MakeDimstd::maxhvaluesi, tvaluesi; if hypothesisshapet is empty, hypothesisshapet-NumElements - 1 will be integer...
TensorFlow has Null Pointer Error in SparseSparseMaximum
ImpactWhen SparseSparseMaximum is given invalid sparse tensors as inputs, it can give an NPE. pythonimport tensorflow as tftf.rawops.SparseSparseMaximum aindices=1, avalues = 0.1 , ashape = 2, bindices=, bvalues =2 , bshape = 2, PatchesWe have patched the issue in GitHub commit...
TensorFlow Denial of Service vulnerability
ImpactA malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack.To minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed i...
TensorFlow has Null Pointer Error in TensorArrayConcatV2
ImpactWhen ctx-stepcontainter is a null ptr, the Lookup function will be executed with a null pointer.pythonimport tensorflow as tftf.rawops.TensorArrayConcatV2handle='a', 'b', flowin = 0.1, dtype=tf.int32, elementshapeexcept0=1 PatchesWe have patched the issue in GitHub commit...
TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
ImpactWhen the parameter summarize of tf.rawops.Print is zero, the new method SummarizeArray will reference to a nullptr, leading to a seg fault.pythonimport tensorflow as tftf.rawops.Printinput = tf.constant1, 1, 1, 1,dtype=tf.int32, data = False, False, False, False, False, False, False, False,...
Apache Airflow Spark Provider vulnerable to improper input validation
Apache Software Foundation Apache Airflow Spark Provider before 4.0.1 is vulnerable to improper input validation because the host and schema of JDBC Hook can contain / and ? which is used to denote the end of the field...