7044 matches found
mailman Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page...
Mailman Sensitive Information Disclosure
Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server...
MoinMoin Improper Access Control
Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as 1 revert and 2 delete...
MoinMoin allows administrative access
MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges...
Openstack nova qcow format could expose host filesystem information
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem...
Mercurial Improper Certificate Validation vulnerability
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack...
Open Redirect in Flask-AppBuilder
Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 3.4.5 contain an open redirect vulnerability when using the database authentication login page. There are no known workarounds. Users are recommended to upgrade to version 3.4.5 or later. For more...
Zope XSS Vulnerability
Cross-site scripting XSS vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform...
Uncontrolled Resource Consumption in Matrix Synapse
ImpactSynapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead t...
Cobbler Web Interface Lacks CSRF Protection
cobbler: Web interface lacks CSRF protection when using Django framework...
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the wwwauthenticateuri parameter which is visible to all end users in configuration files. This would give sensitive...
Insertion of Sensitive Information into Log File in ansible
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...
pgAdmin 4 Path Traversal vulnerability
When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques...
XML External Entities Vulnerability in CVRF-CSAF-Converter
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities XXE. This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
Nicotine+ DoS on Null Character in Download Request
Denial of service DoS vulnerability in Nicotine+ starting with version 3.0.3 and prior to version 3.2.1 allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character...
Cross-site Scripting in FreeTAKServer-UI
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...
SQL Injection in FreeTAKServer-UI
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...
Path traversal in FreeTAKServer-UI
An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...
Allocation of Resources Without Limits or Throttling in nvflare
ImpactNVIDIA FLARE contains a vulnerability in Admin Interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailableAll versions before 2.0.16 are affected. PatchesThe patch will be included in nvflare==2.0.16...
Unrestricted Upload of File with Dangerous Type in motionEye
motionEye = 0.42.1 and motioneEyeOS = 20200606 allow a remote attacker to upload a configuration backup file containing a malicious python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials.The GitHub repositories for...
saleor Missing Authorization vulnerability
Missing Authorization in saleor prior to 3.1.2...
Improper Restriction of XML External Entity Reference in trytond and proteus
An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...
XML Entity Expansion in trytond and proteus
An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
Open Redirect in CPython that affects users of OpenStack Nova
A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL...
open redirect in pollbot
From https://bugzilla.mozilla.org/showbug.cgi?id=1753838Summary:There was an open redirection vulnerability in the path of:https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/Description:An attacker can redirect anyone to malicious sites.Steps To Reproduce:Type in this...
Out of bounds read in Tensorflow
ImpactThe TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect.If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef is then converted to MLIR-based IR then they can caus...
Open Redirect in django-spirit
django-spirit prior to version 0.12.3 is vulnerable to open redirect. In the /user/login endpoint, it doesn't check the value of the next parameter when the user is logged in and passes it directly to redirect which result to open redirect. This also affects /user/logout, /user/register,...
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)
calibre-web is vulnerable to Cross-Site Request Forgery CSRF...
APM Java Agent Local Privilege Escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...
Cross-site Scripting in Ericsson CodeChecker
In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...
Code injection in FreeIPA
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function berscanf was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger...
calibre-web is vulnerable to Cross-site Scripting
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cross Site Request Forgery in mailman
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request using that token to set a new admin password or make other changes...
Classic Buffer Overflow in pyo
Buffer Overflow Vulnerability exists in ajaxsoundstudio.com in Pyo 1.03 in the Serverdebug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name...
Path Traversal in nemo-toolkit
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available...
Cross-site scripting vulnerability in TinyMCE plugins
ImpactA cross-site scripting XSS vulnerability was discovered in the URL processing logic of the image and link plugins. The vulnerability allowed arbitrary JavaScript execution when updating an image or link using a specially crafted URL. This issue only impacted users while editing and the...
Out-of-bounds Write in OpenCV
In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android...
Out-of-bounds Read in OpenCV
An out-of-bounds read was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.0.25. Specifically, variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this is not true when dealing with small images, leading...
Out-of-bounds Write in OpenCV.
In OpenCV 3.3.1 corresponding with OpenCV-Python 3.3.1.11, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmtjpeg2000.cpp when parsing a crafted image file...
Out-of-bounds Write in OpenCV
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0 corresponds with OpenCV-Python version 4.1.2.30. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code...
Out-of-bounds Read in OpenCV
OpenCV 4.1.1 has an out-of-bounds read in halbaseline::vload in core/hal/intrinsse.hpp when called from computeSSDMeanNorm in modules/video/src/disflow.cpp...
Information disclosure vulnerability in OnionShare
An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature...
Out-of-bounds Write in OpenCV
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0 corresponds with OpenCV-Python 4.1.0.25. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An...
NULL Pointer Dereference in OpenCV.
An issue was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.1.26. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp...
Out-of-bounds Read in OpenCV
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1 OpenCV-Python before 3.4.7.28 and 4.x before 4.1.1.26. There is an out of bounds read in the function cv::predictOrdered in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service...
Integer Overflow or Wraparound in OpenCV
In opencv/modules/imgcodecs/src/grfmtpxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects OpenCV 3.3 corresponding with OpenCV-Python version 3.3.0.9 and...
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
OpenCV 3.3.1 corresponding with opencv-python and opencv-contrib-python 3.3.1.11 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmtpxm.cpp, because an incorrect size value is used...
Divide By Zero in OpenCV.
An issue was discovered in OpenCV 4.1.0 OpenCV-Python 4.1.0.25. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp...
Out-of-bounds Read and Out-of-bounds Write in OpenCV
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1 OpenCV-Python before 3.4.7.28 and 4.x before 4.1.1.26. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service...