Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. There are two workarounds available. Either don't use parser_apache2 for parsing …
DSpace is an open source turnkey repository application, any community or collection administrator can escalate their permission up to become system administrator. As a workaround, users of may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.
When JupyterHub is used with FirstUseAuthenticator, the vulnerability allows unauthorized access to any user's account if create_users=True and the username is known or guessed.
Impact [medium] A user with write permissions to a portion of a repository may use the S3 gateway to copy any object in the repository if they know its name. [medium] A user with permission to write any one of tags, branches, or commits on a repository may write all of them. [low] A user with permission to read any one of tags, branches, or commits on a repository may …
In Spring Data REST, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.
Spring Cloud OpenFeign applications using type-level @RequestMapping annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods.
The Spring AMQP Message object's toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.
An issue was discovered in Dask (aka python-dask) through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by …
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could …
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. A workaround is to not accept the value of the of option from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.
jQuery-UI is the official jQuery user interface library used by drupal. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from …
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. A workaround is to not accept the value of the of option from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.
jQuery-UI is the official jQuery user interface library used by drupal. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted …
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. A workaround is to not accept the value of the of option from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. A workaround is to not accept the value of the of option from untrusted sources.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.
jQuery-UI is the official jQuery user interface library.Any string value passed to the of option is now treated as a CSS selector. A workaround is to not accept the value of the of option from untrusted sources.
Shopware is open source e-commerce software. contain a cross-site scripting vulnerability. This issue is patched Two workarounds are available. Using the security plugin or adding a particular following config to the .htaccess file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.
Shopware is open source e-commerce software. contain a cross-site scripting vulnerability. This issue is patched Two workarounds are available. Using the security plugin or adding a particular following config to the .htaccess file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.
Go Ethereum is the official Golang implementation of the Ethereum protocol. A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm and Apache Storm. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
In PiranhaCMS to are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form.
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE).
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go.This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. No user details are leaked, nor is any user data affected, this is simply an annoyance at worst. This is fixed
ShowDoc ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.
An Archive Extraction (Zip Slip) vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a malicious crafted archive file.
GJSON allows a ReDoS (regular expression denial of service) attack.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce/tinymce.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in TinyMCE.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tinymce.
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
This package was found to contain malicious code.
Impact rucio-webui installations of the 1.26 release line potentially leak the contents of cookies to other sessions within a wsgi container. Impact is that Rucio authentication tokens are leaked to other users accessing the webui within a close timeframe, thus allowing users to access the webui with the leaked authentication token. Privileges are therefore also escalated. Rucio server / daemons are not affected by this issue, it is isolated to …
Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers it as a handler for certain URL schemes. With some applications such as Outlook Desktop, opening a specially crafted URL can lead to argument injection, allowing execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as :spawn or :debug-pyeval. Only Windows installs where qutebrowser is registered as URL handler are affected. It does not have …
References written in markdown are inserted into a hash table which was found to have a weak hash function, meaning that an attacker can reliably generate a large number of collisions for it. This makes the hash table vulnerable to a hash-collision DoS attack, a type of algorithmic complexity attack. Further the hash table allowed for duplicate entries resulting in long retrieval times.
An issue was discovered in Hyland org.alfresco:alfresco-content-services and org.alfresco:alfresco-transform-services A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.
An issue was discovered in Hyland org.alfresco:alfresco-content-services and org.alfresco:alfresco-transform-services A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.
The shell-quote package for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell …
An issue was discovered in Hyland org.alfresco:share and org.alfresco:community-share An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on the content collaboration features).
An issue was discovered in Hyland org.alfresco:share and org.alfresco:community-share An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on the content collaboration features).
An issue was discovered in Hyland org.alfresco:alfresco-content-services Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. They should limit the concurrency of some actions but, in practice, they don't. Any code calling these functions will be written thinking they would limit the concurrency but they won't. This could lead to potential security issues in other projects. The problem has been patched There is no workaround.
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Connectors.
Vulnerability in the MySQL Connectors product of Oracle MySQL. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Connectors.
Camaleon CMS is vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file
In Camaleon CMS to, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.
Camaleon CMS to doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.
This affects all versions of package x-assign. The global proto object can be polluted using the proto object.
In “Camaleon CMS” application to are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.
The Cosmos-SDK is a framework for building blockchain applications in Golang.Recovery would require applying the patch and rolling back the latest block. Users are advised to update to
firefly-iii is vulnerable to URL Redirection to Untrusted Site
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type
The Bzip2 decompression decoder function does not allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
The Bzip2 decompression decoder function does not allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
The Bzip2 decompression decoder function does not allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
The Snappy frame decoder function does not restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge …
The Snappy frame decoder function does not restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge …
In evm crate < 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check.
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
Nameko can be tricked to perform arbitrary code execution when deserialising a YAML config file. Example:
The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. AWS would like to thank https://github.com/jku for reporting this issue.
The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system. AWS would like to thank https://github.com/jku for reporting this issue.
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Backstage is an open platform for building developer portals. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a particular source path. When the template is executed the sensitive files would be included in the published pull request. This vulnerability is mitigated by the fact that an attacker would need access to create and register templates in the Backstage catalog, and that the attack …
This advisory has been marked as a False Positive and has been removed.
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It occurs because the rolename is used to form the filename, and may contain path traversal characters (ie ../../name.json). The impact is mitigated by a few facts: It only affects implementations that allow arbitrary rolename selection for …
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack that could allow attackers to redirect users to a malicious website.
This affects the package vm2 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
Cross SIte Scripting (XSS) vulnerability exists in KindEdit via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
The OWASP Java HTML Sanitizer does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEdit, as demonstrated by examples/uploadbutton.html.
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb via a crafted JPEG file.
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
tomcat is vulnerable to a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
tomcat is vulnerable to a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
OMERO.web before 5.11.0 and OMERO.figure before 4.4.1.
OMERO.web before 5.11.0 and OMERO.figure before 4.4.1.
In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block. The attack is limited in that the signature is always validated, and the majority of the validation is done again in the subsequent pallet-evm execution logic. However, do …
In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block. The attack is limited in that the signature is always validated, and the majority of the validation is done again in the subsequent pallet-evm execution logic. However, do …
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
Missing check in DataCommunicator class in com.vaadin:vaadin-server allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for NotFoundException is provided.
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.
Minio is a Kubernetes native application for cloud storage. All users are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid() should return owner true for rootCreds. In the affected version, policy restriction does not work properly for users who does not have service (svc) or security token service (STS) accounts.
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their …
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to or later.
A redirect vulnerability in the fastify-static module allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e.A DoS vulnerability is possible if the URL contains invalid characters curl –path-as-is "http://localhost:3000//^/.."The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Relative Path Traversal in @redocly/openapi-cli.
In OpenCV, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.
In OpenCV, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.
An issue was discovered in OpenCV There is an out-of-bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.
In opencv calls that use libpng, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616
OpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
In opencv calls that use libpng, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616
An issue was discovered in OpenCV There is an out-of-bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread.
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.
An issue was discovered in OpenCV There is an out-of-bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
In opencv calls that use libpng, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
OpenCV (Open Source Computer Vision Library) has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
An issue was discovered in OpenCV There is an out-of-bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.
OpenCV (Open Source Computer Vision Library) has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread.
In OpenCV, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.
In OpenCV, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.
In opencv calls that use libpng, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616
An out-of-bounds read was discovered in OpenCV Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case.
An out-of-bounds read was discovered in OpenCV Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
An issue was discovered in OpenCV There is an out-of-bounds read in the function cv::predictOrderedcv::HaarEvaluator in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
In OpenCV, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.
In OpenCV, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.
OpenCV has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.
OpenCV has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.
An issue was discovered in OpenCV There is an out-of-bounds read in the function cv::predictOrderedcv::HaarEvaluator in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.
An out-of-bounds read was discovered in OpenCV Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
An out-of-bounds read was discovered in OpenCV Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.
An issue was discovered in OpenCV There is an out-of-bounds read in the function cv::predictOrderedcv::HaarEvaluator in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
OpenCV (Open Source Computer Vision Library) has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case.
OpenCV has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.
OpenCV has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.
An issue was discovered in OpenCV There is an out-of-bounds read in the function cv::predictOrderedcv::HaarEvaluator in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of …
An issue was discovered in OpenCV There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
An issue was discovered in OpenCV There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
An issue was discovered in OpenCV There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
An issue was discovered in OpenCV There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
When performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack.
Impact This vulnerability affects maddy 0.5.1, 0.5.0 users using auth.shadow module and an extremely outdated system that still allows MD5 hashes in /etc/shadows. Patches Patch is available as part of the 0.5.2 release. Workarounds Ensure MD5 hashes are not present in /etc/shadow.
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv.
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass.
Puma is a HTTP server for Ruby/Rack applications., using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If …
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass.
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem. There are some threat models where an attacker can benefit by successfully guessing users for whom signature …
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.
OpenCV has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.
OpenCV has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
Froxl allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
In TypeStack class-validat, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary …
SilverStripe Framework through 4.8.1 allows XSS.
In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
OpenCV allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.
OpenCV allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address.
Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability allows a sandboxed renderer to request a thumbnail image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly …
OpenCV has a double free issue that allows attackers to execute arbitrary code.
OpenCV has a double free issue that allows attackers to execute arbitrary code.
An issue was discovered in OpenCV There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
An issue was discovered in OpenCV There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
An issue was discovered in OpenCV There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
An issue was discovered in OpenCV There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information.
OpenCV (Open Source Computer Vision Library) has a denial of service (memory consumption) issue, as demonstrated by the test case.
OpenCV (Open Source Computer Vision Library) has a denial of service (memory consumption) issue, as demonstrated by the test case.
OpenCV (Open Source Computer Vision Library) has a denial of service (CPU consumption) issue, as demonstrated by the test case.
OpenCV (Open Source Computer Vision Library) has a denial of service (CPU consumption) issue, as demonstrated by the test case.
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.
.NET Core and Visual Studio Information Disclosure Vulnerability
coreos-installer fails to correctly verify GPG signatures when decompressing gzip-compressed artifacts. This allows bypass of signature verification in cases where coreos-installer decompresses a downloaded OS image, allowing an attacker who can modify the OS image to compromise a newly-installed system. Default installations from ISO or PXE media in Fedora CoreOS, RHEL CoreOS, and RHEL for Edge are not affected, as coreos-installer installs from an OS image shipped as part of …
OpenCV (Open Source Computer Vision Library) has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case.
OpenCV (Open Source Computer Vision Library) has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case.
This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the body of a request which is longer than some buffer length, async-h1 will attempt to read a subsequent request from the body content starting at that offset into the body. One way to exploit this vulnerability would be for an adversary to craft a request such …
An issue was discovered where this library was generating identical RSA keys used in SSH.
The Unicorn framework for Django allows XSS via a component. NOTE, this issue exists because of an incomplete fix for CVE-2021-42053.
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.
All versions of package config-handler is vulnerable to Prototype Pollution when loading config files.
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.
SilverStripe Framework suffers from a XSS vulnerablity.
SilverStripe Framework allows XSS.
The Unicorn framework for Django allows XSS via component.name.
A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).
If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for Splash authentication, any non-Splash request will expose your credentials to the request target. This includes robots.txt requests sent by Scrapy when the ROBOTSTXT_OBEY setting is set to True.
If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as robots.txt requests sent by Scrapy when the ROBOTSTXT_OBEY setting is set to True, or as requests reached through redirects.
Impact Anyone using storage.blob.s3 introduced in 0.5.0 with storage.imapsql. storage.imapsql local_mailboxes { … msg_store s3 { … } } Patches The relevant commit is pushed to master and will be included in the 0.5.1 release. No special handling of the issue has been done due to the small amount of affected users. Workarounds None. References Original report: https://github.com/foxcpp/maddy/issues/395 Fix: https://github.com/foxcpp/maddy/commit/07c8495ee4394fabbf5aac4df8aebeafb2fb29d8
The following code does not properly validate that its input is in bounds. @external def foo(x: decimal) -> decimal: return x
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.
Jenkins Git Plugin does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
The file browser in Jenkins may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files.
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
Jenkins accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows.
October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend.
October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update.
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id (/pay-with-paypal/{id}) and therefore it was easy to predict. The problem is that the Credit card form has prefilled "credit card holder" field with the Customer's first and last name and hence this can lead to personally identifiable information exposure. Additionally, the mentioned …
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a confirmation_token input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication …
A redirect vulnerability in the fastify-static module allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue.
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header.
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header.
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery.
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery.
SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
CVSS Score: 9.8 Critical CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H We received a security report to security@grafana.com on 2021-09-15 about a vulnerability in Grafana regarding the snapshot feature. It was later identified as affecting Grafana versions from 2.0.1 to 8.1.6. CVE-2021-39226 has been assigned to this vulnerability.
ACINQ Eclair allows loss of funds because of dust HTLC exposure.
AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).
Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.
LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor.
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an …
Docker CLI is the command line interface for the docker container runtime. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped.
Cross-site scripting (XSS) vulnerability in in concrete5-legacy allows remote attackers to inject arbitrary web script or HTML via the cID parameter.
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
Cross-site scripting (XSS) vulnerability in getID3 and allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy allows remote attackers to inject arbitrary web script or HTML via the rel parameter.
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy allows remote attackers to inject arbitrary web script or HTML via the ctID parameter.