GHSL-2020-074, 077, 078: Memory corruptions in HPLIP - CVE-2020-6923

HPLIP contains two memory corruption vulnerabilities which can be triggered by a malicious device or computer that is connected to the same network.

Kevin Backhouse

GHSL-2020-113: Command injection vulnerability in limdu - CVE-2020-4066

The `trainBatch` function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

Kevin Backhouse

GHSL-2020-097: Missing hostname validation in twitter-stream - CVE-2020-24392

Missing hostname validation allows an attacker to perform a monster in the middle attack against users of the library.

Agustin Gianni

GHSL-2020-096: Missing hostname validation in tweetstream - CVE-2020-24393

Missing hostname validation allows an attacker to perform a monster in the middle attack against users of tweetstream.

Agustin Gianni

GHSL-2020-145: Command injection on Windows in Opener

Although code execution is part of the intended purpose of Opener, a crafted URL can run an arbitrary shell command rather than just launching a browser.

GitHub Security Lab Team

GHSL-2020-140: Open redirect in Traefik - CVE-2020-15129

There exists a potential open redirect vulnerability in Traefik's handling of the `X-Forwarded-Prefix` header.

GitHub Security Lab Team

GHSL-2020-132: SQL Injection in Mailtrain - CVE-2020-24617

SQL injection and missing CSRF protection may lead to Remote Code Execution (RCE) or arbitrary file read.

Jaroslav Lobačevski

GHSL-2020-126: Open URL redirect in Orange Forum 1.x.x

There exists an `Open URL redirect` vulnerability in the 1.x.x branch of Orange Forum. An attacker can send an Orange Forum user a crafted link targeting the login page of Orange Forum, redirecting to a malicious site.

GitHub Security Lab Team

GHSL-2020-133: Path traversal vulnerability in Adobe git-server - CVE-2020-9708

Malicious users may access any Git repository on the server even if it is outside the served root directory.

Jaroslav Lobačevski

GHSL-2020-109: Command injection in codecov

The `upload` method has a command injection vulnerability. Clients of the `codecov-node` library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

GitHub Security Lab Team

GHSL-2020-095: Monster in the middle attack in em-imap - CVE-2020-13163

Missing hostname validation allows an attacker to perform a monster in the middle attack against users of the library.

Agustin Gianni

GHSL-2020-076: Server-Side Template Injection in Cascade CMS

A user with privileges to edit templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Cascade CMS.

Alvaro Muñoz

GHSL-2020-046: Server-Side Template Injection in XWiki

A user with privileges to edit wiki content may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running XWiki.

Alvaro Muñoz

GHSL-2020-042: Server-Side Template Injection in Crafter CMS

A user with privileges to edit a FreeMarker template may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Crafter CMS.

Alvaro Muñoz

GHSL-2020-086, 087, 088, 089 - Server-Side Template Injection in Apache Camel - CVE-2020-11994

Apache Camel FreeMarker, Velocity, MVEL and Mustache components are vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) or Arbitrary File Disclosure.

Alvaro Muñoz

GHSL-2020-069: Unsafe deserialization of XMLRPC arguments in Apache OfBiz - CVE-2020-9496

Apache OfBiz is vulnerable to pre-auth Remote Code Execution (RCE) via unsafe deserialization.

Alvaro Muñoz

GHSL-2020-068: Cross-Site Scripting in Apache OfBiz - CVE-2020-9496

Apache OfBiz is vulnerable to Reflected Cross-Site Scripting through a POST request.

Alvaro Muñoz

GHSL-2020-111: Command injection vulnerability in standard-version

The GitHub Security Lab team has identified a potential security vulnerability in standard-version.

Kevin Backhouse

GHSL-2020-072: Arbitrary file disclosure in JinJava - CVE-2020-12668

A user with privileges to write JinJava templates, for example in a CMS context, will be able to read arbitrary files from the file system.

Alvaro Muñoz

GHSL-2020-071: Server-side template injection in Lithium CMS

A user with privileges to edit a FreeMarker template may execute arbitrary Java code or run arbitrary system commands with escalated privileges.

Alvaro Muñoz

GHSL-2020-047: Server-side template injection in dotCMS

A user with privileges to edit templates may execute arbitrary Java code or run arbitrary system commands with escalated privileges.

Alvaro Muñoz

GHSL-2020-045: Server-side template injection in Atlassian Confluence - CVE-2020-4027

A user with privileges to edit User macros may execute arbitrary Java code or run arbitrary system commands with escalated privileges.

Alvaro Muñoz

GHSL-2020-043: Server-side template injection in Liferay - CVE-2020-13445

A user with privileges to edit FreeMarker or Velocity templates may execute arbitrary Java code or run arbitrary system commands with escalated privileges.

Alvaro Muñoz

GHSL-2020-039: Server-side template injection in Alfresco - CVE-2020-12873

A user with privileges to edit a FreeMarker template may execute arbitrary Java code or run arbitrary system commands with escalated privileges.

Alvaro Muñoz

GHSL-2020-058: OOB read in Apache Guacamole prior to 1.2.0 - CVE-2020-9497

The GitHub Security Lab uncovered an OOB read vulnerability in Apache Guacamole prior to version 1.2.0 which may lead to information leak.

Nico Waisman

GHSL-2020-128: OOB read vulnerability in FreeRDP RLEDECOMPRESS - CVE-2020-4033

The GitHub Security Lab team has uncovered an OOB read vulnerability in FreeRDP's RLEDECOMPRESS function.

Antonio Morales

GHSL-2020-125: integer signedness mismatch vulnerability in FreeRDP leads to OOB read - CVE-2020-4032

The GitHub Security Lab team has uncovered an integer signedness mismatch vulnerability in FreeRDP's update_recv_secondary_order function which leads to an OOB read vulnerability.

Antonio Morales

GHSL-2020-124: OOB read vulnerability in FreeRDP update_recv_primary_order - CVE-2020-11095

The GitHub Security Lab team has uncovered an OOB read vulnerability in FreeRDP's update_recv_primary_order function.

Antonio Morales

GHSL-2020-107: OOB read vulnerability in FreeRDP update_read_cache_bitmap_v3_order - CVE-2020-11096

The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's update_read_cache_bitmap_v3_order function.

Antonio Morales

GHSL-2020-106: integer signedness mismatch leading to OOB read in FreeRDP - CVE-2020-4030

The GitHub Security Lab team has uncovered an integer signedness mismatch vulnerability in FreeRDP leading to OOB read.

Antonio Morales

GHSL-2020-105: OOB read vulnerability in FreeRDP glyph_cache_put - CVE-2020-11098

The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's glyph_cache_put function.

Antonio Morales

GHSL-2020-104: OOB read vulnerability in FreeRDP ntlm_av_pair_get - CVE-2020-11097

The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's ntlm_av_pair_get function.

Antonio Morales

GHSL-2020-103: OOB read vulnerability in FreeRDP license_read_new_or_upgrade_license_packet - CVE-2020-11099

The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's license_read_new_or_upgrade_license_packet function.

Antonio Morales

GHSL-2020-122: Command injection in git-diff-apply

The GitHub Security Lab team has identified a potential remote code execution in git-diff-apply.

Kevin Backhouse

GHSL-2020-110: Command Injection in mversion

The GitHub Security Lab team has identified a potential remote code execution in mversion.

Kevin Backhouse

GHSL-2020-119: command injection vulnerability in node-dns-sync resolve method - CVE-2020-11079

The GitHub team has identified a command injection vulnerability in the resolve method of the node-dns-sync library.

Kevin Backhouse

GHSL-2020-102: Heap overflow in FreeRDP crypto_rsa_common - CVE-2020-13398

The GitHub Security Lab team has identified a heap overflow in FreeRDP's crypto_rsa_common function.

Antonio Morales

GHSL-2020-101: NULL dereference in FreeRDP FIPS routines - CVE-2020-13397

The GitHub Security Lab team identified a NULL dereference in FreeRDP's libfreerdp.

Antonio Morales

GHSL-2020-100: Out of Bounds (OOB) read vulnerability in FreeRDP - CVE-2020-13396

The GitHub Security Lab team has identified an Out of Bounds read vulnerability in FreeRDP's ntlm_read_ChallengeMessage function.

Antonio Morales

GHSL-2020-099: mXSS vulnerability in AngularJS

The GitHub Security Lab team has found a potential mXSS vulnerability in AngularJS.

Alvaro Muñoz

GHSL-2020-094: Missing SSL/TLS certificate hostname validation in em-http-request - CVE-2020-13482

The GitHub Security Lab team uncovered a missing hostname validation vulnerability in the em-http-request library that allows an attacker to perform a Person In The Middle (PITM) attack against users of the library.

Agustin Gianni

GHSL-2020-075, GHSL-2020-079, GHSL-2020-080, GHSL-2020-081, GHSL-2020-082, GHSL-2020-083, GHSL-2020-084: Multiple vulnerabilities in SANE Backends (DoS, RCE)

The GitHub Security Lab team identified multiple memory corruption vulnerabilities in SANE Backends which may lead to Denial of Service (DoS) and Remote Code Execution (RCE).

Kevin Backhouse

GHSL-2020-064: integer overflow in LibVNCClient HandleCursorShape resulting in remote heap overflow - CVE-2019-20788

The GitHub Security Lab team detected an integer overflow in LibVNCClient HandleCursorShape RFB event handler.

Bas Alberts

GHSL-2020-057: dbus file descriptor leak (DoS) - CVE-2020-12049

The GitHub Security Lab team has identified a file descriptor leak in dbus that can lead to local Denial of Service.

Kevin Backhouse

GHSL-2020-073: Path traversal in Jooby - CVE-2020-7647

The GitHub Security Lab team has identified a path traversal vulnerability in Jooby that can lead to information disclosure.

Alvaro Muñoz

GHSL-2020-055: Server-Side Template Injection in Apache Syncope (RCE) - CVE-2019-17557

The GitHub Security Lab team has identified several potential security vulnerabilities in Apache Syncope, including RCE and XSS.

Alvaro Muñoz

GHSL-2020-054: XSS in Apache Syncope - CVE-2020-1961

The GitHub Security Lab team has identified an XSS vulnerability in Apache Syncope.

Alvaro Muñoz

GHSL-2020-029: Server-Side template injection in Apache Syncope (RCE) - CVE-2020-1959

The GitHub Security Labs team has identified a Server-Side template injection vulnerability in Apache Syncope, which leads to RCE.

Alvaro Muñoz

GHSL-2020-020: EL expression input sanitation bypass in Hibernate Validator - CVE-2020-10693

The GitHub Security Labs team has identified an EL expression input sanitation bypass vulnerability in Hibernate Validator.

Alvaro Muñoz

GHSL-2020-085: Open redirect vulnerability in Sourcegraph - CVE-2020-12283

By exploiting an open redirect vulnerability, an attacker could potentially redirect a victim to any arbitrary URL and access their OAuth token.

Alvaro Muñoz

GHSL-2020-051, GHSL-2020-052: Multiple vulnerabilities in NTOP nDPI

The GitHub Security Lab team has identified several potential security vulnerabilities in NTOP nDPI, including RCE and DoS.

Bas Alberts

GHSL-2020-010: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0070

An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution on an Android device's NFC daemon.

Man Yue Mo

GHSL-2020-008: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0071

An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution on an Android device's NFC daemon.

Man Yue Mo

GHSL-2020-007: Out-of-bounds write in Android Open Source Project - CVE-2020-0072

An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution on an Android device's NFC daemon.

Man Yue Mo

GHSL-2020-006: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0073

An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution on an Android device's NFC daemon.

Man Yue Mo

GHSL-2020-031: SQL injection in PureFTPd

Improper sanitization of SQL queries leads to SQL injection via a configuration file.

Antonio Morales

GHSL-2020-053: Use After Free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.

Man Yue Mo

GHSL-2020-041: Use After Free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.

Man Yue Mo

GHSL-2020-040: Use After Free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.

Man Yue Mo

GHSL-2020-038: Use after free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.

Man Yue Mo

GHSL-2020-037: Use after free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.

Man Yue Mo

GHSL-2020-035: Use after free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.

Man Yue Mo

GHSL-2020-030: Server-Side Template Injection in Dropwizard

Server-Side Template Injection in Dropwizard leading to Remote Code Execution (RCE).

Alvaro Muñoz

GHSL-2020-015: Remote Code Execution - Bypass of CVE-2018-16621 mitigations in Nexus Repository Manager

High privileged users can bypass the existing mitigations and inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.

Alvaro Muñoz

GHSL-2020-014: Remote Code execution - Dynamic Code Evaluation via Scheduled Tasks in Nexus Repository Manager

It is possible for a user with the right permissions to execute arbitrary Groovy or JavaScript scripts, resulting in remote code execution.

Alvaro Muñoz

GHSL-2020-013: Remote Code Execution - Dynamic Code Evaluation via Scripts in Nexus Repository Manager

It is possible for a user with the right permissions to execute arbitrary Groovy or JavaScript scripts, resulting in remote code execution.

Alvaro Muñoz

GHSL-2020-012: Remote Code Execution - JavaEL Injection (high privileged accounts) in Nexus Repository Manager

High privileged users can inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.

Alvaro Muñoz

GHSL-2020-009: UAF leads to RCE in ProFTPD

A use-after-free vulnerability in ProFTPD could allow a remote attacker to execute arbitrary code on the affected system.

Antonio Morales

GHSL-2020-016: Persistent Cross-Site scripting in Nexus Repository Manager

An attacker with elevated privileges can create content selectors with a specially crafted name using the REST API, which when viewed by another user can execute arbitrary JavaScript in the context of the NXRM application.

Alvaro Muñoz

GHSL-2020-011: Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager

Attackers can inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.

Alvaro Muñoz

GHSL-2020-056: Double free in OpenSSL client

The GitHub Security Labs team has identified a security issue in OpenSSL in which an attacker can force a client into freeing the same memory twice.

Agustin Gianni

GHSL-2020-028: Server-Side Template Injection in Netflix Titus

A Server-Side Template Injection was identified in Netflix Titus enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.

Alvaro Muñoz

GHSL-2020-027: Server-Side Template Injection in Netflix Conductor

A Server-Side Template Injection was identified in Netflix Conductor enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.

Alvaro Muñoz

GHSL-2020-032: out-of-bounds (OOB) read vulnerability in PureFTPd

An out-of-bounds (OOB) read vulnerability has been detected in PureFTPd's pure_strcmp function.

Antonio Morales

GHSL-2020-026: Person in the middle attacks with lua-openssl

Several security issues have been found in the way X509 certificate validation functions are exposed to Lua. Clients using certain functions in lua-openssl are exposed to person-in-the-middle attacks.

Agustin Gianni

GHSL-2020-025: OOB read and DoS in PureFTPd

An uninitialized pointer vulnerability in PureFTPd results in Out-of-Bounds reads and Denial of Service.

Antonio Morales

GHSL-2020-003, GHSL-2020-004, GHSL-2020-005: Person in the middle attack on openfortivpn clients

Several security issues have been found in the way openfortivpn deals with TLS. These issues can lead to situations in which an attacker can perform a person-in-the-middle attack on clients.

Agustin Gianni

GHSL-2020-002: out-of-bounds (OOB) read in ProFTPD

An out-of-bounds (OOB) read vulnerability was detected in mod_cap.

Antonio Morales

GHSL-2020-001: Off-by-one heap overflow in Bftpd

Under certain circumstances, an off-by-one heap overflow can occur in the command_retr function.

Antonio Morales