Cross-site Scripting
OpenCart-Overclocked contains a Cross Site Scripting (XSS) vulnerability. This attack appears to be exploitable via malicious input passed in a GET parameter.
phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.
In the library libgit2, which is used by pygit2, a remote attacker can send a crafted smart-protocol ng packet that lacks a \0 byte to trigger an out-of-bounds read leading to a DoS.
There is a vulnerability in ng_pkt (transports/smart_pkt.c) in libgit2 which is wrapped by the rugged gem. A remote attacker can send a crafted smart-protocol ng packet that lacks a \0 byte to trigger an out-of-bounds read that leads to DoS.
In Dojo Toolkit, there is unescaped string injection in dojox/Grid/DataGrid.
A privilege escalation detected in flintcms allows account takeover due to blind MongoDB injection in password reset.
Pimcore allows SQL Injection via the REST web service API.
A command injection in git-dummy-commit allows os level commands to be executed due to an unescaped parameter.
haxe3 is Haxe 3: The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm). haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
A code injection in cryo allows an attacker to arbitrarily execute code due to insecure implementation of deserialization.
Pimcore allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token.
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.
When reading a specially crafted ZIP archive, the read method of Apache Commons ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. This can lead to an infinite stream, which can be used to mount a denial of service attack against services that use compressed zip packages.
libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8380, CVE-2018-8381, CVE-2018-8384.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer, Microsoft Edge, Internet Explorer. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8381, CVE-2018-8384.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.
active-support ruby gem could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.
Apache Spark standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property spark.authenticate.secret establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program …
Incorrect parsing in url-parse returns the wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
active-support could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.
An SSRF vulnerability in webhooks in Gitea and Gogs allows remote attackers to access intranet services.
Improper authorization in aedes will publish a LWT in a channel when a client is not authorized.
Cookie serialization vulnerability.
Cookie serialization vulnerability in laravel framework.
PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This can lead to remote code execution.
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
The implementation of CSRF protection did not use different tokens for HTTP and HTTPS, therefore the token was subject to MITM attacks on HTTP and could then be used in HTTPS context to do CSRF attacks.
The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.
The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks.
When a form is submitted by the user, the request handler classes of the Form component merge POST data (known as the $_POST array in plain PHP) and uploaded files data (known as the $_FILES array in plain PHP) into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. …
This package includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack.
An issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \Symfony\Component\HttpFoundation\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL …
An issue was discovered in Http Foundation in Symfony. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This …
An issue was discovered in HttpKernel in Symfony. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.
Insufficient URI encoding in restforce allows attacker to inject arbitrary parameters into Salesforce API requests.
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.
A bug in the tracking of connection closures can lead to reuse of user sessions in a new connection.
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.
Apache Axis is vulnerable to a cross-site scripting (XSS) attack.
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.
uploads/.htaccess in Subrion CMS allows XSS because it does not block .html file uploads.
Tomcat contains a race condition that could result in a user seeing a response intended for a different user.
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.
This package is vulnerable to a stored XSS via the business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before being shown to other users, including admins.
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials.
An exposure of sensitive information vulnerability exists in the Jenkins Kubernetes Plugin in KubernetesCloud.java. The vulnerability allows attackers to capture credentials with a known credentials ID stored in Jenkins.
An exposure of sensitive information vulnerability exists in the Jenkins Tinfoil Security Plugin in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret.
An exposure of sensitive information vulnerability exists in Jenkins that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in the plugin configuration.
An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
An exposure of sensitive information vulnerability exists in Jenkins that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin configuration.
An exposure of sensitive information vulnerability exists in the Jenkins SSH Agent Plugin in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
A data modification vulnerability exists in Jenkins Resource Disposer Plugin in AsyncResourceDisposer.java that allows attackers to stop tracking a resource.
The host name verification when using TLS with the WebSocket client was missing.
It was found that SAML authentication in Keycloak incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
A cross-site scripting vulnerability exists in the Jenkins Shelve Project Plugin that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
An exposure of sensitive information vulnerability exists in Jenkins that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause …
mitmweb in mitmproxy before v4.0.4 allows DNS Rebinding attacks, related to tools/web/app.py.
Apache Camel is vulnerable to XXE in XSD validation processor.
react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
haxeshim is a haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
Concatenating unsanitized user input in the whereis npm module allows an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead.
There is a stored Cross-Site Scripting vulnerability in the metascrape npm module.
Relative Path Traversal in superstatic.
When Keycloak receives a Logout request in the middle of the request, the SAMLSloRequestParser.parse() method ends in an infinite loop. An attacker could use this flaw to conduct denial of service attacks.
With non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.
It was discovered in Undertow that the code that parses the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
mystem-fix is a node.js wrapper for the MyStem morphology text analyzer by Yandex.ru. mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
The Distributed Fork plugin for Jenkins, which provides the dist-fork CLI command, performs no permission check beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes.
In Apache Kafka, authenticated users may perform actions reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
It was found that while parsing the SAML messages the StaxParserUtil class of keycloak replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the InResponseTo field in the response.
It was discovered that the XmlUtils class in jbpmmigration performs expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
connect node module suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
An input validation vulnerability was found in Ansible's mysql_user module, which may fail to correctly change a password in certain circumstances. Thus, the previous password would still be active when it should have been changed.
defaults-deep node module suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via `__proto__`, causing the addition or modification of an existing property that will exist on all objects.
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.
Authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.
It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
A race-condition flaw was discovered in openstack-neutron: following a minor overcloud update, neutron security groups were disabled.
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.
zt-zip is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as Zip-Slip.
mholt/archiver golang package before is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
unzipper npm library is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as Zip-Slip.
The adm-zip npm library is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ in a Zip archive entry that is mishandled during extraction.
SharpCompress is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
DotNetZip.Semvered is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
zip4j is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as Zip-Slip.
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors.
An issue was discovered in aubio. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
Sensitive information is leaked through Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade.
An improper authorization vulnerability exists in Jenkins in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.
An improper authorization vulnerability exists in Jenkins in Queue.java that allows attackers with Overall/Read permission to cancel queued builds.
An issue was discovered in aubio. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
An issue was discovered in aubio. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.
The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.
Cross-site scripting (XSS) vulnerability in Zope allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
An unauthorized modification of configuration vulnerability exists in Jenkins, in User.java, that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory.
An arbitrary file read vulnerability exists in Jenkins: Stapler allows attackers to send crafted HTTP requests that return the contents of any file on the Jenkins master file system that the Jenkins master has access to.
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.
The PlonePAS product, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors.
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
Unspecified vulnerability in (1) Zope, as used in Plone and other products, and (2) PloneHotfix20110720 for Plone allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
Unspecified vulnerability in Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI.
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. Django Tastypie has a very similar vulnerability.
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related …
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.
Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.
A cross-site scripting vulnerability exists in Jenkins, in BuildTimelineWidget.java, that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
Gleezcms Gleez CMS contains a Cross Site Scripting (XSS) vulnerability in the Profile page that can result in injection of arbitrary web script or HTML via the profile page editor. This attack appears to be exploitable when the victim navigates to the attacker's profile page.
A cross-site scripting vulnerability exists in Jenkins that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP error pages while Stapler debug mode is enabled.
MathJax contains a Cross Site Scripting (XSS) vulnerability in the unicode{} macro that can result in potentially untrusted JavaScript running within a web browser. The victim must view a page where untrusted content is processed using MathJax.
The Apache TomEE console (tomee-webapp) has an XSS vulnerability which could allow JavaScript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation.
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.
A path traversal exists in markdown-pdf that allows a user to insert a malicious html code that can result in reading the local files.
Apache Ignite does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3rd party vulnerable classes are present in Ignite classpath.
An XSS in statics-server can be triggered via an iframe injected into a filename when statics-server displays a directory index in the browser.
The debug handler in Symfony has an XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI.
A remote code execution vulnerability allows attackers to exploit multiple attack vectors on a Drupal site, which can result in the site being compromised.
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
Ansible fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
Pagekit has an open redirect vulnerability.
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
The getLocalePrefix function in ResourceManager contains a Path Traversal vulnerability.
Passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services.
Graylog has an XSS in typeahead components.
A directory traversal vulnerability has been found in the Assets controller in the Play Framework. When running on Windows, it allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.
Python package pysaml2 version 4.5.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
XMLReader.php in PHPOffice Common allows XXE.
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.
python-fedora 0.8.0 and lower is vulnerable to an open redirect, resulting in loss of CSRF protection.
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.
Doorkeeper contains a vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry.
In Bootstrap, XSS is possible in the data-target property of scrollspy.
In Bootstrap, XSS is possible in the data-container property of tooltip.
In Bootstrap, XSS is possible in the collapse data-parent attribute.
An issue has been found in libpng. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on.
There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
diffoscope before 76 writes to arbitrary locations on disk based on the contents of an untrusted archive.
YamlDotNet includes a deserialization vulnerability that can lead to code execution.
In Bootstrap before, XSS is possible in the data-target property of scrollspy.
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.
tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line end_pos = data_len - 1 - mac.digest_size that can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng. This attack appears to be exploitable via man in the middle on a network connection. This vulnerability appears to have been …
Privilege Escalation & SQL Injection in TYPO3 CMS.
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final > character from an IMG tag.
of eslint-scope was published without authorization and was found to contain malicious code. This code would read the user's .npmrc file and send any found authentication tokens to 2 remote servers. The best course of action if you found this package installed in your environment is to revoke all your npm tokens. You can find instructions on how to do that here. https://docs.npmjs.com/getting-started/working_with_tokens#how-to-revoke-tokens
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1.
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.
JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects …
Insecure Deserialization in TYPO3 CMS.
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.
In Apache Spark it is possible for a malicious user to construct a URL pointing to a Spark cluster UI job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this …
It is possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
Codiad allows Remote Code Execution.
Authentication Bypass in TYPO3 CMS.
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8290.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8294.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8290, CVE-2018-8294.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework, Microsoft .NET Framework, Microsoft .NET Framework /4.7/4.7.1/4.7.2, ASP.NET Core, Microsoft .NET Framework, ASP.NET Core, ASP.NET Core, .NET Core, Microsoft .NET Framework, Microsoft .NET Framework, Microsoft .NET Framework /4.6.1/4.6.2, .NET Core, .NET Core, Microsoft .NET Framework, Microsoft .NET Framework /4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core, ASP.NET Core, ASP.NET Core, ASP.NET MVC
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298.
The MongoDB bson JavaScript module is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.
The XMLUI feature in DSpace allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI.
A flaw was found in libgit2 which is wrapped by the rugged gem. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out-of-bound read, which allows reading before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
The libgit2 library, which is used by pygit2, is vulnerable to an integer overflow which leads to an out-of-bound read. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
The library libgit2, which is used by pygit2, contains an out-of-bound read vulnerability that can lead to a Denial of Service.
A flaw was found in libgit2 which is wrapped by the rugged gem. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
The macaddress module is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
The macaddress module for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
When a quiz question bank is imported, it is possible for the question preview that is displayed to execute JavaScript that is written into the question bank.
A flaw was found in Moodle. It is possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories.
A flaw was found in Moodle. No option exists to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.
An attacker with access to a secure storm cluster could execute arbitrary code as a different user.
The Jenkins AWS CodePipeline Plugin contains an Insufficiently Protected Credentials vulnerability.
The Jenkins AWS CodeBuild Plugin does not properly protect credentials in AWSClientFactory.
The Jenkins AWS CodeDeploy Plugin does not properly protect credentials in AWSCodeDeployPublisher.
Eran Hammer cryptiles contains an Insufficient Entropy vulnerability in randomDigits(). An attacker is more likely to be able to brute force something that was supposed to be random. This attack appears to be exploitable depending upon the calling application.
The Jenkins AWS CodeDeploy Plugin contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.
In libpng, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
CSRF vulnerability in the admin panel.
SQL injection vulnerability in product/card.php in Dolibarr allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.
An SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM allows remote attackers to execute arbitrary SQL commands via the statut parameter.
SQL injection vulnerability in product/card.php in Dolibarr allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
An SQL injection vulnerability in product/card.php in Dolibarr allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
memjs allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.
Path traversal in buttle module versions allows reading any file on the server side.
This vulnerability in Apache Solr relates to an XML external entity expansion (XXE) in Solr config files.
Versions of Apache CXF Fediz do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.
Angular redactor is vulnerable to stored XSS when HTML content mode is used.
ruby-grape suffers from a cross-site scripting (XSS) vulnerability via format parameter.
rails_admin is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.
query-mysql is vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from the database.
DNN (aka DotNetNuke) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
In Apache PDFBox, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in the AFMParser.
Ansible does not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
The utilities function of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
The utilities function in the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
The utilities function in the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
The utilities function of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
The utilities function in all versions of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
There is a Stored XSS vulnerability in the glance node module versions. A file name containing malicious HTML (e.g. an embedded iframe element or a javascript: pseudo-protocol handler in an <a> element) allows JavaScript code to be executed against any user who opens a directory listing containing such a crafted file name.
The public node module allows embedding HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript.
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control. The attacker can run arbitrary code as a result.
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via System.setProperty. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior the exception is caught in the reflection code and …
A cross-site scripting vulnerability exists in the xapian-core library that is wrapped by this gem, due to incomplete HTML escaping by Xapian::MSet::snippet().
/upload/catalog/controller/account/password.php in OpenCart has CSRF via the index.php?route=account/password URI.
An issue was discovered in OpenTSDB that enables attackers to run arbitrary commands through the /q URI.
There is XSS via the type parameter to the /suggest URI.
There is XSS via the json parameter to the /q URI.
The default configuration in Apache Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
When an intentionally bad query arrives that does not match a dynamic url-pattern, and is eventually handled by the DefaultServlet static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full …
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto allows a remote attacker to obtain sensitive information.
There is a race condition which could lead to authenticated sessions being incorrectly applied to users.
baserCMS allows remote attackers with a site operator privilege to upload arbitrary files.
A session fixation vulnerability exists in the Jenkins SAML Plugin that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
aiohttp-session contains a Session Fixation vulnerability in the load_session function for RedisStorage that can result in Session Hijacking. This attack appears to be exploitable via any method that allows setting session cookies.
A server-side request forgery vulnerability exists in the Jenkins URLTrigger Plugin in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
The gem rubyzip contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that contains symlinks or files with absolute pathnames or .. components to write arbitrary files to the filesystem.
baserCMS allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
Transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. A large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to …
A vulnerability exists in the Jenkins Configuration as Code Plugin that allows attackers with access to Jenkins log files
A vulnerability exists in the Jenkins z/OS Connector Plugin. It allows an attacker with local file system access or control of a Jenkins administrator's web browser to retrieve the configured password.
The package sprockets may leak confidential information. Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory when the server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately.
baserCMS allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
A vulnerability exists in the Jenkins GitHub Plugin in GitHubTokenCredentialsCreator.java that allows attackers to capture credentials stored in Jenkins.
A vulnerability exists in the Jenkins Configuration as Code Plugin that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration.
An arbitrary file read vulnerability exists in the Jenkins SSH Credentials Plugin in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.
Eclipse Jetty contains a vulnerability that could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
json-jwt is vulnerable to improper verification of cryptographic signatures when decrypting AES-GCM encrypted JSON Web Tokens. This can result in an attacker being able to forge an authentication tag.
baserCMS allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
A vulnerability exists in the Jenkins Fortify CloudScan Plugin that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as.
A man in the middle vulnerability exists in the Jenkins CollabNet Plugin that allows attackers to impersonate any service that Jenkins connects to.
baserCMS allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.
A persisted cross-site scripting vulnerability exists in the Jenkins Badge that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that user performs some UI actions.
Cross-site scripting vulnerability in baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Joplin contains an XSS vulnerability in the Note content field that escalates to code execution, because nodeIntegration is enabled for the BrowserWindow instance in which the XSS occurs.
Cross-site scripting vulnerability in baserCMS allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Froxlor contains a code injection vulnerability.
Minio has an Allocation of Memory Without Limits or Throttling vulnerability in write-to-RAM.
Multiple SQL injection vulnerabilities in Centreon including Centreon Web allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.
Spring Framework allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the jsonp and callback JSONP parameters, enabling cross-domain requests.
Centreon including Centreon Web is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.
Spring Framework allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
There is Remote Code Execution in Centreon including Centreon Web via the RPN value in the Virtual Metric form in centreonGraph.class.php.
ruby-ffi has a DLL loading issue on Windows that can be hijacked when a Symbol is used as the DLL name instead of a String.
When using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions.
Froxlor has Incorrect Access Control for tickets not owned by the current user.
Ansible has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
An issue was discovered in Phusion Passenger. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
An issue was discovered in phpMyAdmin in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for allowed pages.
An issue was discovered in js/designer/move.js in phpMyAdmin. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.
The daemons package loads and executes malicious scripts.
Auth0 angular-jwt treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain allowlist filter via a crafted domain.
JBoss RichFaces allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code.
JBoss RichFaces allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code.
A Session Fixation issue exists in CodeIgniter because session.use_strict_mode in the Session Library was mishandled.
Given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.
index.js in oauth2orize-fprm is vulnerable to XSS via a crafted URL.
A race condition in the nginx module in Phusion Passenger allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
expressCart allows remote attackers to create an admin user via a /admin/setup Referer header.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8267.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8229.
Archive.java in Junrar is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.
Unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.
DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.
The security handlers in the Security component in Symfony have an Open redirect vulnerability when security.http_utils is inlined by a container.
A session fixation vulnerability within the Guard login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.
When an Apache Geode server is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege.
DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler take the content of the _target_path parameter and generate a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain, opening an Open redirect vulnerability. Open redirect vulnerabilities are often not given much consideration, but they can be exploited for example to mount effective phishing attacks.
An issue was discovered in the HttpFoundation component in Symfony. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without many resources.
The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without many resources.
The on_get_missing_events function in handlers/federation.py in Matrix Synapse has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.
An issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a null password and valid username, which triggers an unauthenticated bind.
Ignite Realtime Openfire is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Website, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
The private_address_check ruby gem is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address.
URL Rewrite vulnerability.
URL Rewrite vulnerability in zend-feed.
URL Rewrite vulnerability in zend-http.
URL Rewrite vulnerability in zend-diactoros.
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.
The MXNet framework will listen on a port different from DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attacker who can reach the interface that the operator did not expect to be listening.
OWASP Dependency-Check allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
An attacker is able to craft a request that results in an HTTP (redirect) to an entirely different domain.
Unrestricted file upload (RCE) in express-cart module allows a privileged user to gain access in the hosting machine.
The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client does not support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.
charset is vulnerable to regular expression denial of service. Input of around k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is kb, so the impact of the ReDoS is relatively low.
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control …
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This blocks the event loop, causing a denial of service condition.
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the %o formatter. It takes around k characters to block for 2 seconds, making this a low severity issue.
The timespan module is vulnerable to regular expression denial of service. Given k characters of untrusted user input it will block the event loop for around seconds.
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This blocks the event loop, causing a denial of service condition.
ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.
slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service when specially crafted untrusted input is passed to it. About k characters can block the event loop for 2 seconds.
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.
The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case, it can block the event loop causing a denial of service condition.
calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
node module suffers from a Path Traversal vulnerability due to lack of validation of files, which allows a malicious user to read content of any file with known path.
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
caolilinode is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
glance node module suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible.
citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
shenliru is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
cyber-js server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.
looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
earlybird is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
The angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.
fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
list-n-stream is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of URLs, which allows a malicious user to read content of any file with known path.
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read the content of any file with a known path.
jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL, but is limited to accessing only .html files.
lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL. Accessible files are restricted to files with .htm and .js extensions.
tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read the content of any file with a known path.
serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.