Search
Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22199 | 2024-01-12 | N/A | N/A | ||
| This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks. | |||||
| CVE-2023-3997 | 1 Splunk | 1 Soar | 2024-01-09 | N/A | 7.8 HIGH |
| Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action. | |||||
| CVE-2022-3941 | 1 Activity Log Project | 1 Activity Log | 2023-12-28 | N/A | 5.3 MEDIUM |
| A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. | |||||
| CVE-2023-42183 | 1 Lockss | 1 Classic Lockss Daemon | 2023-12-28 | N/A | 5.3 MEDIUM |
| lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. | |||||
| CVE-2023-28101 | 1 Flatpak | 1 Flatpak | 2023-12-23 | N/A | 4.3 MEDIUM |
| Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust. | |||||
| CVE-2023-26279 | 1 Ibm | 1 Qradar Wincollect | 2023-11-30 | N/A | 7.8 HIGH |
| IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160. | |||||
| CVE-2023-38316 | 1 Opennds | 1 Captive Portal | 2023-11-23 | N/A | 9.8 CRITICAL |
| An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. | |||||
| CVE-2021-21684 | 1 Jenkins | 1 Git | 2023-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
| CVE-2023-5968 | 1 Mattermost | 1 Mattermost | 2023-11-14 | N/A | 4.9 MEDIUM |
| Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. | |||||
| CVE-2023-40014 | 1 Openzeppelin | 2 Openzeppelin Contracts, Openzeppelin Contracts-upgradable | 2023-08-23 | N/A | 5.3 MEDIUM |
| OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3. | |||||
| CVE-2020-13654 | 1 Xwiki | 1 Xwiki | 2023-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| XWiki Platform before 12.8 mishandles escaping in the property displayer. | |||||
| CVE-2023-39527 | 1 Prestashop | 1 Prestashop | 2023-08-09 | N/A | 6.1 MEDIUM |
| PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. | |||||
| CVE-2021-42010 | 1 Apache | 1 Heron | 2023-08-08 | N/A | 9.8 CRITICAL |
| Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue. | |||||
| CVE-2022-26174 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. | |||||
| CVE-2022-0741 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.3 MEDIUM | 7.5 HIGH |
| Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. | |||||
| CVE-2022-0124 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack. | |||||
| CVE-2022-20230 | 1 Google | 1 Android | 2023-08-08 | 1.9 LOW | 5.5 MEDIUM |
| In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221859869 | |||||
| CVE-2022-22744 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2023-08-08 | N/A | 8.8 HIGH |
| The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
| CVE-2021-0933 | 1 Google | 1 Android | 2023-08-08 | 7.9 HIGH | 8.0 HIGH |
| In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-172251622 | |||||
| CVE-2021-4068 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-08-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-2619 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-08-08 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | |||||
| CVE-2021-30589 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. | |||||
| CVE-2022-24682 | 1 Zimbra | 1 Collaboration | 2023-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. | |||||
| CVE-2022-43883 | 1 Ibm | 1 Cognos Analytics | 2023-08-08 | N/A | 7.5 HIGH |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. | |||||
| CVE-2022-42948 | 1 Helpsystems | 1 Cobalt Strike | 2023-08-08 | N/A | 9.8 CRITICAL |
| Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI. | |||||
| CVE-2022-48339 | 1 Gnu | 1 Emacs | 2023-08-08 | N/A | 7.8 HIGH |
| An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | |||||
| CVE-2022-35153 | 1 Fusionpbx | 1 Fusionpbx | 2023-08-08 | N/A | 9.8 CRITICAL |
| FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | |||||
| CVE-2022-28960 | 1 Spip | 1 Spip | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. | |||||
| CVE-2023-35941 | 1 Envoyproxy | 1 Envoy | 2023-08-02 | N/A | 9.8 CRITICAL |
| Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration. | |||||
| CVE-2023-32712 | 1 Splunk | 1 Splunk | 2023-07-31 | N/A | 3.1 LOW |
| In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially result in possible code execution in the vulnerable application. This attack requires a user to use a terminal application that supports the translation of ANSI escape codes, to read the malicious log file locally in the vulnerable terminal, and to perform additional user interaction to exploit. The vulnerability does not affect Splunk Cloud Platform instances. The vulnerability does not directly affect Splunk Enterprise. The indirect impact on the Splunk Enterprise instance can vary significantly depending on the permissions in the vulnerable terminal application and where and how the user reads the malicious log file. For example, users can copy the malicious file from the Splunk Enterprise instance and read it on their local machine. | |||||
| CVE-2023-3668 | 1 Froxlor | 1 Froxlor | 2023-07-27 | N/A | 7.2 HIGH |
| Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21. | |||||
| CVE-2021-44042 | 1 Uipath | 1 Assistant | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application. | |||||
| CVE-2021-30640 | 3 Apache, Debian, Oracle | 7 Tomcat, Debian Linux, Communications Cloud Native Core Policy and 4 more | 2022-07-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. | |||||
| CVE-2021-45226 | 1 Coins-global | 1 Construction Cloud | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites. | |||||
| CVE-2021-38182 | 1 Kyma-project | 1 Kyma | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. | |||||
| CVE-2020-27958 | 1 Osu | 1 Ohio Supercomputer Center Open Ondemand | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. | |||||
| CVE-2022-32549 | 1 Apache | 2 Sling Api, Sling Commons Log | 2022-06-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files. | |||||
| CVE-2022-23079 | 1 Getmotoradmin | 1 Motor Admin | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim. | |||||
| CVE-2022-25235 | 4 Debian, Fedoraproject, Libexpat Project and 1 more | 5 Debian Linux, Fedora, Libexpat and 2 more | 2022-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | |||||
| CVE-2021-23266 | 1 Craftercms | 1 Crafter Cms | 2022-05-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator. | |||||
| CVE-2022-30781 | 1 Gitea | 1 Gitea | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| Gitea before 1.16.7 does not escape git fetch remote. | |||||
| CVE-2021-39027 | 1 Ibm | 1 Guardium Data Encryption | 2022-05-13 | 4.0 MEDIUM | 5.0 MEDIUM |
| IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865. | |||||
| CVE-2021-45848 | 2 Fedoraproject, Nicotine-plus | 2 Fedora, Nicotine\+ | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. | |||||
| CVE-2021-29854 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2022-05-11 | 4.3 MEDIUM | 7.2 HIGH |
| IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680. | |||||
| CVE-2021-42250 | 1 Apache | 1 Superset | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs. | |||||
| CVE-2021-32796 | 1 Xmldom Project | 1 Xmldom | 2022-04-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents. | |||||
| CVE-2021-43106 | 1 Compassplus | 2 Tranzware Online, Tranzware Online Financial Institution Maintenance Interface | 2022-02-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. This is due to that the server implicitly trusts the Host header, and fails to validate or escape it properly. An attacker can use this input to redirect target users to a malicious domain/web page. This would result in expanding the potential to further attacks and malicious actions. | |||||
| CVE-2021-29872 | 1 Ibm | 1 Cloud Pak For Automation | 2022-01-25 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228. | |||||
| CVE-2021-40007 | 1 Huawei | 2 Ecns280 Td, Ecns280 Td Firmware | 2021-12-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure. | |||||
| CVE-2021-43410 | 1 Apache | 1 Airavata Django Portal | 2021-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170 | |||||