6 matches found
CVE-2024-41953 Zitadel improperly sanitizes HTML in emails and Console UI
Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to missing output sanitization, these emails could include malicious code. This may...
CVE-2024-41952 Zitadel has an "Ignoring unknown usernames" vulnerability
Zitadel is an open source identity management system. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report...
CVE-2022-23639 affecting package librsvg2 for versions less than 2.58.1-1
CVE-2022-23639 affecting package librsvg2 for versions less than 2.58.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-27378 affecting package librsvg2 for versions less than 2.58.1-1
CVE-2021-27378 affecting package librsvg2 for versions less than 2.58.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-24713 affecting package librsvg2 for versions less than 2.58.1-1
CVE-2022-24713 affecting package librsvg2 for versions less than 2.58.1-1. An upgraded version of the package is available that resolves this issue...
Gnome Glib version 2.58.1 suffers from an out-of-bounds read vulnerability
GNOME is a GNU network object model. GLib provides the core application components for libraries and programs written in C. An out-of-bounds read vulnerability exists in Gnome Glib version 2.58.1. An attacker can exploit it to cause a stack overflow out-of-bounds read...