CVE-2022-21642 Exposure of whisper participants in discourse

Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this...

CVE-2021-43816 Improper Preservation of Permissions in containerd

containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...

containerd 权限许可和访问控制问题漏洞

containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. containerd has a security vulnerability that stems from containerd as a fallback Container Runtime Interface CR...

CVE-2022-21650 Stored XSS via html file upload in convos

Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...

CVE-2021-43832

Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without authentication. If users haven't setup...

UBUNTU-CVE-2021-43804

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against th...

UBUNTU-CVE-2021-41261

Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross site scripting attacks via the preferences footer. The preference footer can only be altered by a site admin. This issue has been...

PT-2021-5592 · Linux +10 · Linux Kernel +10

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.15.11 Description: A use-after-free exists in the TEE subsystem of the Linux kernel due to a race condition in tee shm get from id during an attempt to free a shared memory object. This issue is related to the...

Wi-Fi STATION SH-52A vulnerable to cross-site scripting

Overview Wi-Fi STATION SH-52A provided by NTT DOCOMO, INC. contains a cross-site scripting vulnerability CWE-79. Takayuki Sasaki of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

PYSEC-2021-436

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

UBUNTU-CVE-2021-41174

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...

Vulnerability fixed in GitLab

A vulnerability was fixed in April 2021 in GitLab Community Edition and GitLab Enterprise Edition. The vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code to execute. The ExifTool built into GitLab could be exploited by the offering a rogue file to be...

UBUNTU-CVE-2021-3882

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...

Electron 安全漏洞

Electron is a personal developer of a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium and can be used to write cross-platform desktop applications using HTML and CSS. A security vulnerability exists in Electron that allows a...

CVE-2021-39218

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...

Input validation

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade...

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed three vulnerabilities in Dynamics. A malicious party can exploit the vulnerabilities to impersonate as another user or to execute arbitrary code. Below is an overview of the affected vulnerabilities: Microsoft Dynamics:...

PT-2021-8091 · Unknown +6 · Ansible Engine +6

Name of the Vulnerable Software and Affected Versions: Ansible Engine versions prior to 2.8.15 Description: A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The...

PT-2021-11316 · Stmicroelectronics · Stm32L4

Name of the Vulnerable Software and Affected Versions: STMicroelectronics STM32L4 devices through 2020-10-19 Description: The issue concerns incorrect access control in the affected devices. Specifically, the flash read-out protection RDP can be degraded from RDP level 2, which allows no access v...

PT-2021-17899 · Pillow +9 · Pillow +9

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 8.2.0 Description: An issue was discovered in Pillow where the BlpImagePlugin did not properly check that reads, after jumping to file offsets, returned data for BLP data. This could lead to a denial of service DoS...