Cross-site Scripting
nZEDb has an XSS vulnerability in the error page.
A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
A server-side request forgery vulnerability exists in Jenkins that allows users with Overall/Read permission to have Jenkins submit an HTTP GET request to an arbitrary URL and learn whether the response is successful or not.
A command execution vulnerability exists in Jenkins Absint Astree in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master.
Socket depends on Math.random() to create socket IDs, so the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.
The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
uri-js is a module that tries to fully implement RFC. One of these features is validating whether a supplied URL is valid or not. To do this, uri-js uses a regular expression. This regular expression is vulnerable to ReDoS.
badjs-sourcemap-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
hostr allows an attacker to read files outside the current directory by sending ../ in the url path for GET requests.
The augustine node module suffers from a Path Traversal vulnerability due to lack of input validation, which allows a malicious user to read the content of any file with a known path.
hftp is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
f2e-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. This is compounded by f2e-server requiring elevated privileges to run.
gomeplus-h5-proxy is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing ../ in the URL.
Growl does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
mariadb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
d3.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
jquery.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-fabric is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
sqliter is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
sqlite.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodesqlite is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodefabric is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
sqlserver is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-sqlite is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
fabric-js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Because the /topic command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser.
The sync-exec module is used to simulate child_process. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file while it exists.
node-jose is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.
http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, they can swap header names and change the meaning of the request without changing the signature.
Decamelize uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.
An attacker that forces an error can crash the server, causing a denial of service.
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block.
When hapi encounters a malformed accept-encoding header, an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.
If a request is made using multipart, and the body type is a number, then the specified number of bytes of non-zeroed memory is passed in the body.
Nes contains a denial of service vulnerability that can be exploited via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket upgrade request will cause the node process to error out.
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.
marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
herbivore downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
The cloudpub-redis package downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.
libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
The clang-extra module installs LLVM's clang-extra tools and downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
gitook allows the injection of JavaScript code that can be executed on the online reader.
Remarkable allows the use of data: URIs in links and can therefore execute JavaScript.
An attacker can inject scripts which are executed in some browsers.
The forms package does not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to XSS.
Sanitize-html is vulnerable to cross site scripting (XSS) in certain scenarios: if at least one of the nonTextTags is allowed, the result is a potential XSS vulnerability.
ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.
In Morris, when control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded.
Because of how string interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser.
sanitize-html has a cross site scripting vulnerability.
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.
Summit later allows an attacker to execute arbitrary commands via the collection name.
ikst downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP URL. Because of this behavior, an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation.
A Stored XSS in YOOtheme Pagekit allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to /storage/poc.svg that will point to http://localhost/pagekit/storage/poc.svg. When a user …
Open redirect in hekto when the target domain name is used as an HTML filename on the server.
Command injection exists in pdf-image due to an unescaped string parameter.
pdfinfojs has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.
Information exposure through directory listings in serve allows directory listing and file access even when they have been set to be ignored.
nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server.
chromedriver126 is chromedriver for Linux. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
bionode-sra is a Node.js wrapper for SRA Toolkit that downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
The closurecompiler package downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Fuseki server wrapper and management API in fuseki downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
closure-utils provides utilities for Closure Library based projects and downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
arrayfire-js is a module for ArrayFire for the Node.js platform. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Graylog has an XSS security issue with unescaped text in notifications.
Graylog has an XSS security issue with unescaped text in dashboard names.
XSS in sexstatic: HTML injection in directory name(s) leads to stored XSS when a malicious file is embedded via an <iframe> element used in a directory name.
Bitty is a development web server tool that functions similarly to python -m SimpleHTTPServer. The package has a directory traversal vulnerability that is exploitable via the URL path in GET requests.
marked is an application that is meant to parse and compile markdown. Due to the way that marked parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (sanitize: true) to inject a javascript: URL. This flaw exists because &#xNNanything; gets parsed to what it could and leaves the rest behind, resulting in just anything; being left.
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator.
The riot-compiler version has an issue in a regex (catastrophic backtracking) that makes it unusable under certain conditions.
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.
The primary function, minimatch(path, pattern) in Minimatch is vulnerable to ReDoS in the pattern parameter.
engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that Node.js handles the rejectUnauthorized setting. If the value is something that evaluates to false, certificate verification will be disabled.
appium-chromedriver is a Node.js wrapper around Chromedriver. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
galenframework-cli downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
backbone is a module that adds structure to a JavaScript-heavy application through key-value pairs and custom events, connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the Model#Escape function of backbone, if a user is able to supply input.
Sinatra has XSS via the Bad Request page that occurs upon a params parser exception.
The npm module shell-quote cannot correctly escape the > and < operators used for redirection in the shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection.
sequelize is vulnerable to SQLi allowing attackers to delete data in the TestTable table.
gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL.
The stattic node module suffers from a Path Traversal vulnerability due to lack of validation of paths, which allows a malicious user to read the contents of any file with a known path.
The crud-file-server node module suffers from a Path Traversal vulnerability due to incorrect validation of the URL, which allows a malicious user to read the content of any file with a known path.
atob allocates uninitialized Buffers when a number is passed as input.
It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
mysqljs is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-tkinter is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
tkinter is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
pngcrush-installer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
ibapi is an Interactive Brokers API addon for Node.js. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.
ibm_db downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
install-nw downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
The POCO libraries download source file resources used for compilation over HTTP, which leaves them vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not.
The 'program extension upload' feature in OpenCart has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing random digits) via a directory traversal attack.
OpenCart allows directory traversal in the editDownload function related to the download_id. For example, an attacker can download ../../config.php.
An issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.
An issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
An issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
An issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
Jenkins uses AES ECB block cipher mode without an IV for encrypting secrets, which makes Jenkins and the stored secrets vulnerable to unnecessary risks.
Apache NiFi has an External XML Entity issue in the SplitXML processor. Malicious XML content could cause information disclosure or remote code execution.
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.
This advisory has been marked as a False Positive and has been removed.
Apache NiFi has a JMS deserialization issue because of an ActiveMQ client vulnerability. Malicious JMS content could cause denial of service.
SQL Injection vulnerability in Dolibarr allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.
An SQL injection vulnerability in Dolibarr allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
jpeg_size in pdfgen.c in PDFGen has a heap-based buffer over-read.
Jenkins is vulnerable to an information disclosure vulnerability in search suggestions. The autocomplete feature on the search box discloses the names of the views in its suggestions, including ones the current user does not have access to.
A Cross-site scripting (XSS) vulnerability in Dolibarr allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
The admin panel in Dolibarr might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
This vulnerability in Apache Solr relates to an XML external entity expansion (XXE) in Solr config files.
Undertow is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.
XSS in some development error pages.
Jenkins is vulnerable to a persisted cross-site scripting vulnerability in console notes. Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs.
util/FileDownloadUtils.java in FileDownloader does not check an attachment name. If an attacker places ../ in the file name, the file can be stored in an unintended directory because of Directory Traversal.
In Apache ORC, a malformed ORC file can trigger an endlessly recursive function call in the Java parser.
The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file.
The default settings for the CORS filter provided in Apache Tomcat are insecure and enable supportsCredentials for all origins.
Jenkins is vulnerable to an improper exclusion of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents.
Jenkins is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens.
In Jenkins, monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes.
In Jenkins, low privilege users were able to override JDK download credentials, resulting in future builds possibly failing to download a JDK.
In Jenkins, low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks.
Jenkins is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs.
Jenkins is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names.
Jenkins is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create user records.
Spring contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Spring Framework when used in combination with Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.
Spring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.
Spring Security OAuth contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
Jenkins is vulnerable to a persisted cross-site scripting in parameter names and descriptions. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer, Microsoft Edge, Internet Explorer. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137.
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge, Internet Explorer. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.
An open redirect vulnerability exists in the Jenkins Google Login Plugin that allows attackers to redirect users to an arbitrary URL after successful login.
A session fixation vulnerability exists in the Jenkins Google Login Plugin that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
hawtio is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
A path traversal vulnerability exists in the Jenkins HTML Publisher Plugin that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
Jenkins is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible. This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction.
Jenkins is vulnerable to an insufficient permission check for periodic processes.
A cross-site scripting vulnerability in the Jenkins S3 Plugin allows attackers to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
In Apache Derby, a specially-crafted network packet can be used to request the Derby Network Server to boot a database.
Apache Ambari is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem.
All versions of getcookies contain a malicious backdoor that allows a remote attacker to execute code on the web server that uses this module.
Matrix Synapse is prone to a denial of service flaw where malicious events injected with depth = 2^63-1 render rooms unusable, related to federation/federation_base.py and handlers/message.py.
An issue was discovered in libraries/common which allows users who have no password set to log in even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default).
This vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.
Unbounded memory allocation allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
A Cross-site scripting exists in GeniXCMS.
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika BPGParser.
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika ChmParser.
RisingStack protect contains a Cross Site Scripting (XSS) vulnerability in the isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as safe. This attack appears to be exploitable via a number of XSS strings (26) detailed in GitHub issue #16.
An issue was discovered in the Users Frontend. An XSS exists in the name field.
From Apache Tika, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.
Netwide Assembler (NASM) rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.
Netwide Assembler (NASM) has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
thinkphp has SQL Injection.
Cross-site scripting (XSS) vulnerability in the Enhanced Image plugin for CKEditor.
Cross-site scripting (XSS) vulnerability in the Enhanced Image plugin for CKEditor.
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor allows remote attackers to inject arbitrary web script through a crafted IMG element.
phpMyAdmin has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
Parsedown contains a Cross Site Scripting (XSS) vulnerability in setMarkupEscaped for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST boundaries.
There's a Cross-Site Scripting (XSS) vulnerability in the system log of the back end. With a manipulated request, an attacker can implant a script which is executed when a logged-in back-end user opens the system log. The attacker themselves does not have to be logged in.
Mautic allows CSV injection.
LightSAML contains an Incorrect Access Control vulnerability in signature validation.
When using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.
In Apache wicket-jquery-ui, JS code created in the WYSIWYG editor will be executed on display.
XSS vulnerability in Drupal.
Mautic before v2.13.0 has stored XSS via a theme config file.
XSS vulnerability in Drupal.
Spring Data Commons contains a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
An issue was discovered in Mautic. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.
Jenkins allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.
Crypt encryption compromised.
A cross-site scripting vulnerability exists in Jenkins in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions.
With the right knowledge, code, and GPU calculation power, Crypt encryption can be broken in minutes.
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore.
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
Dolibarr ERP/CRM is affected by an SQL injection in versions via product/stats/card.php (type parameter).
Spring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
Jenkins is vulnerable to an insufficient permission check. This allows users with permissions to create new items to overwrite existing items they don't have access to.
Spring Data Commons contains a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.
Spring Data Commons contains a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data projection-based request payload binding that can lead to a remote code execution attack.
Netwide Assembler (NASM) rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting vulnerabilities.
Dolibarr is affected by stored Cross-Site Scripting.
This vulnerability relates to an XML external entity expansion (XXE) in the &dataConfig=<inlinexml> parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
The page module in TYPO3 is vulnerable to XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
Spring Framework allows applications to configure Spring MVC to serve static resources (e.g., CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Spring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead …
When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead …
This vulnerability in Apache Hive JDBC allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that the JDBC driver does in its PreparedStatement implementation.
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin that allows an attacker with local file system access to obtain GitHub credentials.
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin that allows attackers with local file system access to obtain a list of authorities for logged-in users.
In Apache Hive, a malicious user might use any xpath UDFs to expose the content of a file on the machine running HiveServer2 owned by the HiveServer2 user (usually hive) if hive.serverenable.doAs=false.
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin that allows an attacker with local file system access to obtain GitHub credentials.
In Apache Hive, when a COPY FROM FTP statement is run using the HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because the FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect the hive cli user and hiveserver2 user as hplsql is …
An improper authorization vulnerability exists in the Jenkins vSphere Plugin that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (test connection).
A man in the middle vulnerability exists in the Jenkins vSphere Plugin in VSphere.java that disables SSL/TLS certificate validation by default.
A man in the middle vulnerability exists in the Jenkins Ansible Plugin that disables host key verification by default.
A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users.
Cross-site scripting (XSS) vulnerability in Gleez CMS might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
A cross-site request forgery vulnerability exists in Jenkins vSphere that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (test connection).
The xz_decomp function in xzlib.c in libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
A flaw was found in Moodle. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.
The Auth0 authentication service allows privilege escalation because the JWT audience field is not validated.
Unauthenticated users can trigger custom messages to the admin via the PayPal enrol script. The PayPal IPN callback script should only send error emails to the admin after the request origin has been verified; otherwise the admin email can be spammed.
CSRF exists in the Auth0 authentication service when the Legacy Lock API flag is enabled.
A DNS rebinding vulnerability was found in etcd. An attacker can control their DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
A cross-site request forgery flaw was found in etcd. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.
In Apache Ignite, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3rd party vulnerable classes are present in Ignite classpath.
In Spark, a remote attacker can read unintended static files via various representations of absolute or relative pathnames.
The gem allows attributes that are not specified in the allowlist to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah.
There's a potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. This could lead to unexpected behavior when combined with weak type comparisons.
There's a potential exploit of the Laravel Encrypter component that may cause the Encrypter to fail on decryption and unexpectedly return false. To exploit this, the attacker must be able to modify the encrypted payload before it is decrypted. This could lead to unexpected behavior when combined with weak type comparisons.
The merge function, and the applyToDefaults and applyToDefaultsWithShallow functions which leverage merge behind the scenes, are vulnerable to a prototype pollution attack when provided an unvalidated payload created from a JSON string containing the __proto__ property.
When sanitize is used in combination with libxml2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing attributes that are not specified in the allowlist to be used. This can allow HTML and JavaScript injection, which could result in XSS if the output is served to browsers.
Exploit of encryption failure vulnerability.
Exploit of encryption failure vulnerability.
A remote code execution vulnerability allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
A remote code execution vulnerability allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
Studio elFinder has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.
Studio elFinder has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.
CSRF in /admin/user/manage/add in QuickAppsCMS allows an unauthorized remote attacker to create an account with admin privileges.
Loofah allows attributes that are not explicitly allowed to be present in sanitized output when input with specially-crafted HTML fragments.
In the Loofah gem for Ruby, denylisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
The Apache Struts REST Plugin XStream library allows attackers to perform a DoS attack when using a malicious request with a specially crafted XML payload.
The REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack when using a malicious request with a specially crafted XML payload.
rap2hpoutre Laravel Log Viewer relies on Base64 encoding, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a download request.
Kentico allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
Electron contains an improper handling of values vulnerability in Webviews that can result in remote code execution.
IdentityServer IdentityServer4 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
The findByCondition function in framework/db/ActiveRecord.php allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
The findByCondition function in framework/db/ActiveRecord.php allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
Redis extension of Yii 2 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack.
Elasticsearch extension of Yii 2 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack.
Yii allows remote attackers to inject unintended search conditions.
Yii allows remote attackers to inject and execute arbitrary LUA code.
Netwide Assembler (NASM) rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.
Netwide Assembler (NASM) rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
An administrator with user search entitlements in Apache Syncope can recover sensitive security values using the fiql and orderby parameters.
Netwide Assembler (NASM) rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
An administrator with report and template entitlements in Apache Syncope can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the Bounce Address, and the input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated.
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot is susceptible to a symlink attack which allows the run_user to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the run_user requires shell …
Kentico has SQL injection in the administration interface.
Kentico has XSS in which a crafted URL results in improper construction of a system page.
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
CKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the image2 plugin.
CKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the image2 plugin.
A specially crafted ZIP archive can be used to cause an infinite loop inside the Apache Commons Compress extra field parser used by ZipFile and ZipArchiveInputStream.
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security …
amphp/http isn't properly protected against HTTP header injection.
HTTP header injection vulnerability in the http package.
server/app/views/static/code.html in Kontena allows XSS in the `kontena master login --remote` code display, as demonstrated by a /code#code= URI.
ASP.NET Core allows an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
.NET Core and PowerShell Core allow a denial of service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability".
ASP.NET Core allows an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.
ChakraCore, Microsoft Windows Gold, and Windows Server allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937.
ChakraCore, Microsoft Windows Gold, and Windows Server allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0935.
A JNDI Injection vulnerability exists in the Jolokia agent in proxy mode that allows a remote attacker to run arbitrary Java code on the server.
Stored XSS on the OAuth Client's name will cause users being prompted for consent via the implicit grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization link for the malicious OAuth client. Because of how the links work, a user cannot tell if a link is malicious or …
RubyGems contains a Directory Traversal vulnerability in the install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside the root.
RubyGems contains a Directory Traversal vulnerability in gem installation that can result in the gem being able to write to arbitrary filesystem locations during installation. This attack appears to be exploitable by a victim installing a malicious gem.
In Kubernetes, containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files and directories from the nodes where they are running.
Ajenti contains an Improper Error Handling vulnerability in Login JSON request that can result in a path traversal.
Ajenti contains an Improper Error Handling vulnerability in Login JSON request that can result in a path traversal.
RubyGems contains an infinite-loop vulnerability in the ruby gem package tar header parsing: a negative size field can cause an infinite loop.
A plaintext storage of a password vulnerability exists in the Jenkins Coverity Plugin that allows an attacker with local file system access or control of a Jenkins administrator's web browser to retrieve the configured keystore and private key passwords.
Ajenti contains an Information Disclosure vulnerability that can result in user and system enumeration.
Ajenti contains an Information Disclosure vulnerability that can result in user and system enumeration.
Ajenti contains an Insecure Permissions vulnerability that allows normal users to download arbitrary plugins.
Ajenti contains an Insecure Permissions vulnerability that allows normal users to download arbitrary plugins.
An improper authorization vulnerability exists in Jenkins Mercurial Plugin that allows an attacker with network access to obtain a list of nodes and users.
An improper authorization vulnerability exists in the Jenkins Git Plugin in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users.
An improper authorization vulnerability exists in the Jenkins Subversion Plugin in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.
An improper authorization vulnerability exists in the Jenkins Ownership Plugin in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allows an attacker with Job/Configure or Computer/Configure permission and without Ownership related permissions to override ownership metadata.
An improper authorization vulnerability exists in the Jenkins Promoted Builds Plugin in Status.java and ManualCondition.java that allows an attacker with read access to jobs to perform promotions.
An improper authorization vulnerability exists in the Jenkins Gerrit Trigger Plugin in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins.
An improper authorization vulnerability exists in the Jenkins Gerrit Trigger Plugin in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin that allows an attacker to obtain credential IDs.
RubyGems contains an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures.
In Kubernetes, containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions), can access files and directories outside the volume, including the host's filesystem.
Ajenti contains an Input Validation vulnerability. An attacker can freeze the server by sending a long string through the ID parameter.
Ajenti contains an Input Validation vulnerability. An attacker can freeze the server by sending a long string through the ID parameter.
RubyGems contains an Improper Input Validation vulnerability in the ruby gems specification homepage attribute that can result in a malicious gem being able to set an invalid homepage URL.
brianleroux tiny-json-http contains a missing SSL certificate validation vulnerability. The library's core functionality is affected, which can result in the user being exposed to man-in-the-middle attacks.
transport.py in the SSH server implementation of Paramiko does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
RubyGems contains a Deserialization of Untrusted Data vulnerability in the owner command that can result in code execution. This attack appears to be exploitable when the victim runs the gem owner command on a gem with a specially crafted YAML file.
A cross-site scripting vulnerability exists in the Jenkins TestLink Plugin allowing an attacker to have Jenkins serve arbitrary HTML and JavaScript.
A cross-site scripting vulnerability exists in the Jenkins CppNCSS Plugin that allows an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed.
RubyGems contains a Cross Site Scripting (XSS) vulnerability in the gem server display of the homepage attribute that can result in XSS. This attack appears to be exploitable by the victim browsing to a malicious gem on a vulnerable gem server.
Pym.js contains a CSRF vulnerability in the Pym.js onNavigateToMessage function that can result in arbitrary javascript code execution.
Ajenti contains a CSRF vulnerability in the command execution panel of the tool used to manage the server.
Ajenti contains a CSRF vulnerability in the command execution panel of the tool used to manage the server.
Keycloak has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.
Hammer CLI, a CLI utility for Foreman, does not explicitly set the verify_ssl flag for apipie-bindings. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.
The SSH server implementation of AsyncSSH does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
A security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to the WYSIWYG editor.
A directory traversal vulnerability in Jubatus allows remote attackers to read arbitrary files via unspecified vectors.
Directory traversal vulnerability in Jubatus allows remote attackers to read arbitrary files via unspecified vectors.
Jubatus allows remote code execution via unspecified vectors.
Jubatus allows remote code execution via unspecified vectors.
Sinatra rack-protection contains a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the ruby application.
Bacula-web contains a SQL injection vulnerability.
GitHub Electron contains a Command Injection vulnerability in the Protocol Handler that can result in command execution. This issue is due to an incomplete fix for CVE-2018-1000006; specifically, the block list used was not case-insensitive, allowing an attacker to potentially bypass it.
URI values are not properly sanitized if the values contain character entities. Using character entities, it is possible to construct a URI value with parameters that slip through without being sanitized.
The SelectLimit function has a potential SQL injection vulnerability through the use of the nrows and offset parameters which are not forced to integers.
adodb-php contains a SQLi vulnerability.
The Auth0 Authjs library has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Adminer has SSRF via the server parameter.
The ODE process deployment web service is sensitive to deployment messages with forged names. Using a path as the name can lead to directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files, or their deletion.
An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation.
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.
Bitpay/insight-api Insight-api contains a CWE-20 input validation vulnerability in the transaction broadcast endpoint that can result in Full Path Disclosure. This attack appears to be exploitable via Web request.
The moment module for Node.js is prone to a regular expression denial of service via a crafted date string.
index.js in the ssri module is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.
index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string.
Drupal core has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
Drupal core has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
The Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses. This vulnerability can be mitigated by disabling the Settings Tray …
In Drupal, the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for.
When using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; …
When using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; …
Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output is not auto-escaped by either Drupal 7 or Drupal 8). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.
Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output is not auto-escaped by either Drupal 7 or Drupal 8). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.
When using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs …
When using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs …
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit.
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit.
Users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.
Users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.
In Apache OpenMeetings, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.
Unauthorised users could gain access to web application resources. Only security constraints with a URL pattern of the empty string are affected.
The Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath.
A malicious user can send a network message to the Geode locator and execute code if certain classes are present on the classpath.
Hekto contains a path traversal vulnerability. It allows reading arbitrary files from the remote server.
localhost-now suffers from a path traversal vulnerability. It allows reading the content of arbitrary files on the remote server.
626 includes a path traversal vulnerability. It allows reading arbitrary files from the remote server.
In the Ox gem for Ruby, a segmentation fault can be triggered by supplying a specially crafted input to parse_obj.
FasterXML jackson-databind allows unauthenticated remote code execution. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a denylist that is ineffective if the c3p0 libraries are available in the classpath.
Several vulnerabilities in Forgot password, Information collector, XML text, and Matrix field type features
anywhere allows embedding HTML in file names, which in certain conditions allows execution of malicious JavaScript.
simplehttpserver allows embedding HTML in file names, which in certain conditions allows execution of malicious JavaScript.
The Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.
In mxGraphViewImageReader, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks.
A vulnerability in Tomcat leads to the exposure of resources to users that are not authorised to access them.
This vulnerability might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a correctMkdir issue.
Yab Quarx is prone to multiple persistent cross-site scripting vulnerabilities.
There are multiple Persistent XSS vulnerabilities in Radiant CMS. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Jenkins and Jenkins LTS does not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allows users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master …
This vulnerability allows a user of Apache Oozie to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.
An issue was discovered in config/error.php. The error log is exposed at an `errors.log` URI, and contains MySQL credentials if a MySQL error (such as 'Too many connections') has occurred.
Converse.js and Inverse.js allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen.
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
Path traversal is possible via backslash characters on Windows. An attacker could access arbitrary files and directories stored on the file system.
An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra on Windows. Path traversal is possible via backslash characters.
crud-file-server allows embedding HTML in file names, which in certain conditions might lead to malicious JavaScript execution.
Public has a path traversal vulnerability. It allows an attacker to read content of arbitrary files on the server.
SQL injection possible with limit() on MySQL.
An improper authorization vulnerability exists in Jenkins that allows an attacker to submit HTTP GET requests and get limited information about the response.
An improper input validation vulnerability in Jenkins allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
Filter input to avoid XPath injection.
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, we have identified a vulnerability that could lead to unescaped content being inserted into the innerHTML string without being sanitized. When a primitive value is used as the Handlebars context, that value is not properly escaped. An example of this would be using the {{each}} helper to iterate over …
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, we have identified a vulnerability that could lead to unescaped content being inserted into the innerHTML string without being sanitized. When using the {{group}} helper, user supplied content in the template was not being sanitized. Though the vulnerability exists in Ember.js proper, it is only exposed via the use …
Microsoft Edge and ChakraCore in Microsoft Windows allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Microsoft Edge and ChakraCore in Microsoft Windows Gold and Windows Server allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Microsoft Edge and ChakraCore in Microsoft Windows Gold and Windows Server allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Microsoft Edge and ChakraCore in Microsoft Windows Gold and Windows Server allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Microsoft Edge and ChakraCore in Microsoft Windows allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Microsoft Edge and ChakraCore in Microsoft Windows Gold and Windows Server allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Microsoft Edge and ChakraCore in Microsoft Windows Gold and Windows Server allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Microsoft Edge and ChakraCore in Microsoft Windows Gold and Windows Server allow remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Utility functions in mixin-deep can be tricked into modifying the prototype of "Object" when the attacker controls part of the structure passed to these functions. This can let an attacker add or modify an existing property that will exist on all objects, leading to denial of service or remote code execution.
Utility functions in defaults-deep can be tricked into modifying the prototype of "Object" when the attacker controls part of the structure passed to these functions. This can let an attacker add or modify an existing property that will exist on all objects. This can lead to denial of service or remote code execution.
Utility functions in merge-deep can be tricked into modifying the prototype of "Object" when the attacker controls part of the structure passed to these functions. This can let an attacker add or modify an existing property that will exist on all objects. This can lead to denial of service or remote code execution.
Utility functions in assign-deep can be tricked into modifying the prototype of "Object" when the attacker controls part of the structure passed to these functions. This can let an attacker add or modify an existing property that will exist on all objects. This can lead to denial of service or remote code execution.
The limit() query method is vulnerable to SQL injection with MySQL.
The limit() query method is vulnerable to SQL injection with MySQL.
There is a Regular Expression Denial of Service vulnerability in the strict mode functionality.
When using Distributed Test only (RMI based), the jmeter server binds the RMI Registry to the wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code.
When using the OpenWire protocol in ActiveMQ, certain system details (such as the OS and kernel version) are exposed as plain text.
When using the OpenWire protocol in ActiveMQ it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
Functions in Lodash (merge, mergeWith, defaultsDeep) can modify the prototype of "Object" if given malicious data. This can lead to denial of service or remote code execution.
When using Distributed Test only (RMI based), Apache JMeter uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code.
Jerome Gamez Firebase Admin SDK for PHP contains an Incorrect Access Control vulnerability.
Jenkins CCM Plugin processes XML external entities in parsed files as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
In Apache jUDDI, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there is little protection against entity expansion and DTD types of attacks.
Mautic contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code.
Dolibarr contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
Cnvs Canvas contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of javascript code.
Croogo contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.
An integer overflow in xmlmemory.c in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
The sample web application in web2py might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.
In Apache CloudStack, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
web2py allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status.
Apache CloudStack contains an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another, non-root CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
On Firefox there is an XSS vulnerability if a malicious attacker can write into the xml:base attribute on an SVG anchor.
A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.
A SimpleSAMLphp Service Provider using SAML will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the …
dijit.Editor in Dojo Toolkit allows XSS via the onload attribute of an SVG element.
The consentAdmin module in SimpleSAMLphp is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.
The echor Gem for Ruby contains a flaw that is due to the program exposing credential information in the system process listing. This may allow a local attacker to gain access to plaintext credential information.
The echor Gem for Ruby contains a flaw in backplane.rb in the perform_request function that is triggered when a semicolon (;) is injected into a username or password. This may allow a context-dependent attacker to inject arbitrary commands if the gem is used in a RoR application.
SimpleSAMLphp allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.
The sqlauth module in SimpleSAMLphp relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
The SAML2 library in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI does not use https, it is vulnerable to a MITM attack and the Gradle executable is not safe.
Some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.
Simditor allows XSS via crafted use of svg/onload=alert in a TEXTAREA element.
Apache POI is vulnerable to Denial of Service Attacks through infinite loops while parsing crafted WMF, EMF, MSG and macros or Out of Memory Exceptions while parsing crafted DOC, PPT and XLS.
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.
The login command available in the remoting-based CLI stores the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values, were able to impersonate any other Jenkins user on the same instance.
Jenkins contains a deserialization vulnerability.
An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing denylist-based protection mechanism.
Jenkins contains an issue in its user database authentication realm.
In strategy.rb in OmniAuth, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.
Users with permission to create or configure agents in Jenkins could configure a launch method called "Launch agent via execution of command on master". This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators.
Jenkins Build-Publisher stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations.
The remote API in Jenkins shows information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g., due to lack of Item/Read permission.
Jenkins provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included Jenkins users' email addresses if the Mailer Plugin is installed.
The Jenkins remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to.
Jenkins Multijob plugin does not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build.
The Jenkins remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to.
Jenkins Swarm Plugin bundles a version of the commons-httpclient library that incorrectly verifies SSL certificates, making it susceptible to man-in-the-middle attacks.
The Jenkins default form control for passwords and other secrets, <f:password/>, supports form validation. The form validation AJAX requests were sent via GET, which could result in secrets being logged to an HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files.
Jenkins bundles a version of the commons-fileupload library with a denial-of-service vulnerability.
Jenkins stores metadata related to people, which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user ID for their name without additional escaping, potentially resulting in problems like overwriting of unrelated configuration files.
Jenkins bundled a version of the commons-httpclient library that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.
Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters.
Jenkins Active Choices plugin allowed users with "Job/Configure" permission to provide arbitrary HTML to be shown on the "Build With Parameters" page through the "Active Choices Reactive Reference Parameter" type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the "Build With Parameters" page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it …
Some URLs provided by Jenkins global-build-stats plugin returned a JSON response that contained request parameters. These responses had the Content-Type text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability.
The Jenkins Delivery Pipeline Plugin uses the unescaped content of the query parameter "fullscreen" in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.
Users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the new File(String) constructor for the purpose of in-process script approval.
Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack.
Resteasy allows Yaml unmarshalling via Yaml.load() in YamlProvider.
GitHub Electron has a vulnerability in the protocol handler.