Chakra Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2020-17054.
By default, Apache CXF creates a `/services` page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the `styleSheetPath`, which allows a malicious actor to inject javascript into the web page. Please note that this is a separate issue to CVE-2019-17573.
By default, Apache CXF creates a `/services` page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the `styleSheetPath`, which allows a malicious actor to inject javascript into the web page. Please note that this is a separate issue to CVE-2019-17573.
By default, Apache CXF creates a `/services` page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the `styleSheetPath`, which allows a malicious actor to inject javascript into the web page. Please note that this is a separate issue to CVE-2019-17573.
Prototype pollution vulnerability in deephas may allow an attacker to cause a denial of service, or possibly lead to remote code execution.
By default, Apache CXF creates a `/services` page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the `styleSheetPath`, which allows a malicious actor to inject javascript into the web page. Please note that this is a separate issue to CVE-2019-17573.
Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending emails.
The `apply` function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.
A prototype pollution vulnerability in controlled-merge may allow an attacker to cause a denial of service, or possibly lead to remote code execution.
This affects all versions of package json-ptr. The issue occurs in the set operation `https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.html#set` when the force flag is set to true. The function recursively sets the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.
Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.
A prototype pollution vulnerability in @strikeentco/set may allow an attacker to cause a denial of service, or possibly lead to remote code execution.
By default, Apache CXF creates a `/services` page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the `styleSheetPath`, which allows a malicious actor to inject javascript into the web page. Please note that this is a separate issue to CVE-2019-17573.
By default, Apache CXF creates a `/services` page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the `styleSheetPath`, which allows a malicious actor to inject javascript into the web page. Please note that this is a separate issue to CVE-2019-17573.
Synopsys hub-rest-api-python (aka blackduck on PyPI) - does not validate SSL certificates in certain cases.
A prototype pollution vulnerability in `object-hierarchy-access` allows attacker to cause a denial of service and may lead to remote code execution.
The express-validators package is vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.
A prototype pollution vulnerability in field allows attackers to cause a denial of service and may lead to remote code execution.
Prototype pollution vulnerability in json8-merge-patch npm package may allow attackers to inject or modify methods and properties of the global object constructor.
The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise, and Jet Enterprise, does not verify properly the password in some system-user-dn scenarios. As a result, users (`clients/members`) can be authenticated even if they provide invalid passwords.
A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust, if the installation violates the usage expectations by exposing this UI to outside users.
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root.
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEdit allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
In Alerta, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for anonymous authorization are affected. A fix has been implemented that returns HTTP Unauthorized response for any authentication attempts where the password field is empty. As a workaround LDAP administrators can disallow unauthenticated bind requests by clients.
An issue was discovered in SaltStack Salt Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
In SaltStack Salt, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
The TLS module within SaltStack Salt creates certificates with weak file permissions.
Axios NPM package contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
This affects the package find-my-way, from It accepts the `Accept-Version` header by default, and if versioned routes are not being used, this could lead to a denial of service. `Accept-Version` can be used as an unkeyed header in a cache poisoning attack.
Apache Shiro, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
This affects the package `@absolunet/kafe` It allows cause a denial of service when validating crafted invalid emails.
HashiCorp Consul Enterprise up to includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes.
In lookatme, the package automatically loaded the built-in `terminal` and `file_loader` extensions. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.
An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs, mitigate this.
The body parsing of HTTP requests eagerly parses a payload given a `Content-Type` header. A deep JSON structure sent to a valid `POST` endpoint (that may or may not expect JSON payloads) causes a `StackOverflowError` and Denial of Service.
The body parsing of HTTP requests eagerly parses a payload given a `Content-Type` header. A deep JSON structure sent to a valid `POST` endpoint (that may or may not expect JSON payloads) causes a `StackOverflowError` and Denial of Service.
There is a ReDOS vulnerability in codemirror which is mainly due to the sub-pattern (s|/*.*?*/)*
`DatabaseSchemaViewer` is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. As a workaround, ensure `.dbschema` files from untrusted sources are not opened.
phpMyAdmin may allow CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents".
Magento This vulnerability could be abused by authenticated users with administrative permissions to the `System/Data` and `Transfer/Import` components.
Magento This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.
Magento This vulnerability could be abused by authenticated users to modify inventory stock data without authorization.
Magento This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.
Magento This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization.
Magento A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.
Magento This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database.
When in maintenance mode, Magento This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment.
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2.