| CVE-2024-30564 | Cri | 0.57 | 9.8 | 0.04 | | Apr 18, 2024 | An issue in andrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method. |
| CVE-2024-3098 | Cri | 0.57 | 9.8 | 0.00 | | Apr 10, 2024 | A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw. |
| CVE-2024-31218 | Cri | 0.57 | 9.8 | 0.00 | | Apr 5, 2024 | Webhood is a self-hosted URL scanner used for analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to a Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send an HTTP request to the database (Pocketbase) admin API to create an admin account. The Pocketbase admin API does not check for authentication/authorization when creating an admin account when no admin accounts have been added. In its default deployment, Webhood does not create a database admin account. Therefore, unless users have manually created an admin account in the database, an admin account will not exist in the deployment and the deployment is vulnerable. Versions starting from 0.9.1 are patched. The patch creates a randomly generated admin account if admin accounts have not already been created, i.e. the vulnerability is exploitable in the deployment. As a workaround, users can disable access to URL paths starting with `/api/admins` entirely. With this workaround, the vulnerability is not exploitable via network. |
| CVE-2023-51803 | Cri | 0.57 | 9.8 | 0.00 | | Apr 1, 2024 | LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "<?php ?>" substring. |
| CVE-2024-29650 | Cri | 0.57 | 9.8 | 0.03 | | Mar 25, 2024 | An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components. |
| CVE-2021-47157 | Cri | 0.57 | 9.8 | 0.00 | | Mar 18, 2024 | The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. |
| CVE-2018-25099 | Cri | 0.57 | 9.8 | 0.00 | | Mar 18, 2024 | In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag. |
| CVE-2022-32224 | Cri | 0.57 | 9.8 | 0.02 | | Dec 5, 2022 | A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, < 6.1.6.1, < 6.0.5.1 and < 5.2.8.1, which could allow an attacker who can manipulate data in the database (via means like SQL injection) to escalate to an RCE. |
| CVE-2022-45047 | Cri | 0.57 | 9.8 | 0.06 | | Nov 16, 2022 | Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server. |
| CVE-2022-2437 | Cri | 0.57 | 9.8 | 0.09 | | Jul 18, 2022 | The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. |
| CVE-2022-0239 | Cri | 0.57 | 9.8 | 0.00 | | Jan 17, 2022 | corenlp is vulnerable to Improper Restriction of XML External Entity Reference |
| CVE-2020-9546 | Cri | 0.57 | 9.8 | 0.02 | | Mar 2, 2020 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). |
| CVE-2017-1001003 | Cri | 0.57 | 9.8 | 0.00 | | Nov 27, 2017 | math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. |
| CVE-2017-1001002 | Cri | 0.57 | 9.8 | 0.01 | | Nov 27, 2017 | math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution. |
| CVE-2017-7550 | Cri | 0.57 | 9.8 | 0.01 | | Nov 21, 2017 | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation. |
| CVE-2017-16613 | Cri | 0.57 | 9.8 | 0.02 | | Nov 21, 2017 | An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team. |
| CVE-2017-1000248 | Cri | 0.57 | 9.8 | 0.00 | | Nov 17, 2017 | Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis |
| CVE-2017-1000219 | Cri | 0.57 | 9.8 | 0.03 | | Nov 17, 2017 | npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user |
| CVE-2017-12634 | Cri | 0.57 | 9.8 | 0.06 | | Nov 15, 2017 | The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. |
| CVE-2017-0907 | Cri | 0.57 | 9.8 | 0.01 | | Nov 13, 2017 | The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources. |
| CVE-2017-0906 | Cri | 0.57 | 9.8 | 0.01 | | Nov 13, 2017 | The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources. |
| CVE-2017-0905 | Cri | 0.57 | 9.8 | 0.01 | | Nov 13, 2017 | The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources. |
| CVE-2017-16764 | Cri | 0.57 | 9.8 | 0.03 | | Nov 10, 2017 | An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. |
| CVE-2017-16763 | Cri | 0.57 | 9.8 | 0.02 | | Nov 10, 2017 | An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. |
| CVE-2017-16618 | Cri | 0.57 | 9.8 | 0.02 | | Nov 8, 2017 | An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. |
| CVE-2017-16616 | Cri | 0.57 | 9.8 | 0.01 | | Nov 8, 2017 | An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. |
| CVE-2017-16615 | Cri | 0.57 | 9.8 | 0.01 | | Nov 8, 2017 | An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. |
| CVE-2013-4366 | Cri | 0.57 | 9.8 | 0.01 | | Oct 30, 2017 | http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification. |
| CVE-2017-16228 | Cri | 0.57 | 9.8 | 0.00 | | Oct 29, 2017 | Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117. |
| CVE-2014-3600 | Cri | 0.57 | 9.8 | 0.01 | | Oct 27, 2017 | XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. |
| CVE-2014-3579 | Cri | 0.57 | 9.8 | 0.03 | | Oct 27, 2017 | XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. |
| CVE-2017-14695 | Cri | 0.57 | 9.8 | 0.00 | | Oct 24, 2017 | Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. |
| CVE-2015-5172 | Cri | 0.57 | 9.8 | 0.00 | | Oct 24, 2017 | Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links. |
| CVE-2015-5171 | Cri | 0.57 | 9.8 | 0.00 | | Oct 24, 2017 | The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allows attackers to have unspecified impact by leveraging failure to expire existing sessions. |
| CVE-2014-3741 | Cri | 0.57 | 9.8 | 0.02 | | Oct 23, 2017 | The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command. |
| CVE-2017-0903 | Cri | 0.57 | 9.8 | 0.06 | | Oct 11, 2017 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. |
| CVE-2016-6795 | Cri | 0.57 | 9.8 | 0.05 | | Sep 20, 2017 | In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. |
| CVE-2017-12873 | Cri | 0.57 | 9.8 | 0.01 | | Sep 1, 2017 | SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. |
| CVE-2017-12868 | Cri | 0.57 | 9.8 | 0.01 | | Sep 1, 2017 | The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. |
| CVE-2017-0899 | Cri | 0.57 | 9.8 | 0.07 | | Aug 31, 2017 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. |
| CVE-2015-6941 | Cri | 0.57 | 9.8 | 0.00 | | Aug 9, 2017 | win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. |
| CVE-2016-6798 | Cri | 0.57 | 9.8 | 0.01 | | Jul 19, 2017 | In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application. |
| CVE-2017-1000362 | Cri | 0.57 | 9.8 | 0.01 | | Jul 17, 2017 | The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present. |
| CVE-2017-1000056 | Cri | 0.57 | 9.8 | 0.00 | | Jul 17, 2017 | Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. |
| CVE-2017-4992 | Cri | 0.57 | 9.8 | 0.00 | | Jun 13, 2017 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations. |
| CVE-2014-3527 | Cri | 0.57 | 9.8 | 0.00 | | May 25, 2017 | When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users. |
| CVE-2017-5651 | Cri | 0.57 | 9.8 | 0.06 | | Apr 17, 2017 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. |
| CVE-2016-10321 | Cri | 0.57 | 9.8 | 0.00 | | Apr 10, 2017 | web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. |
| CVE-2016-6809 | Cri | 0.57 | 9.8 | 0.07 | | Apr 6, 2017 | Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization. |
| CVE-2017-7214 | Cri | 0.57 | 9.8 | 0.01 | | Mar 21, 2017 | An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. |