664 matches found

CNNVD
added 2022/09/01 12:0 a.m., 3 views

Weave GitOps Cross-Site Scripting Vulnerability

Weave GitOps is a simple open source developer platform from Weaveworks. A security vulnerability exists in Weave GitOps Enterprise prior to version 0.9.0-rc.5: a cross-site scripting (XSS) flaw that allows a malicious user to inject a javascript link into the UI, which...

CVSS 5.4, AI score 5.5, EPSS 0.00644
Exploits 1, References 5

NVD
added 2022/08/29 3:15 p.m., 8 views

CVE-2022-0497

A vulnerability was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations...

CVSS 7.1, EPSS 0.00411
Exploits 1, References 3

Prion
added 2022/08/29 3:15 p.m., 13 views

Out-of-bounds

A vulnerability was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations...

CVSS 3.3, AI score 6.6, EPSS 0.00411
Exploits 1, References 3, Affected Software 1

UbuntuCve
added 2022/08/29 3:15 p.m., 31 views

CVE-2022-0497

A vulnerability was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations...

CVSS 7.1, AI score 7, EPSS 0.00411
Exploits 1, References 2

CVE
added 2022/08/29 2:3 p.m., 67 views

CVE-2022-0497

OpenSCAD is affected by CVE-2022-0497. The vulnerability is an out-of-bounds read during parsing of annotations in a .scad file that ends without a trailing newline. The root cause is in the comment/annotation parsing path. The CVSSv3.1 score is 7.1 (HIGH) with LOCAL attack vector, LOW attack com...

CVSS 7.1, AI score 6.6, EPSS 0.00411
Exploits 1, References 3, Affected Software 1

Cvelist
added 2022/08/29 2:3 p.m., 18 views

CVE-2022-0497

A vulnerability was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations...

AI score 6.9, EPSS 0.00411
Exploits 1, References 3

CNNVD
added 2022/08/29 12:0 a.m., 4 views

Openscad Buffer Error Vulnerability

Openscad is open source software for creating solid 3D CAD objects. A security vulnerability exists in Openscad that stems from a .scad file that may cause an out-of-bounds read during parsing of annotations...

CVSS 7.1, AI score 6.8, EPSS 0.00411
Exploits 1, References 4

ATTACKERKB
added 2022/07/18 7:15 p.m., 1 view

CVE-2022-28677

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 7.5, EPSS 0.01031
Exploits 0, References 3, Affected Software 1

Talos
added 2022/07/13 12:0 a.m., 31 views

Adobe Acrobat Reader DC overlapping annotations type confusion vulnerability

Summary: A type confusion vulnerability exists in the way Adobe Acrobat Reader DC 2022.001.20085 deals with overlapping annotations. A specially-crafted PDF document can trigger this vulnerability, which can lead to arbitrary code execution. A victim needs to open the malicious file to trigger thi...

CVSS 7.8, AI score 7.9, EPSS 0.1083
Exploits 0

OSV
added 2022/06/28 8:12 p.m., 5 views

GSD-2022-1004016 fsnotify: fix wrong lockdep annotations

fsnotify: fix wrong lockdep annotations. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.283 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/06/28 7:49 p.m., 6 views

GSD-2022-1003799 fsnotify: fix wrong lockdep annotations

fsnotify: fix wrong lockdep annotations. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/06/28 7:34 p.m., 7 views

GSD-2022-1003639 fsnotify: fix wrong lockdep annotations

fsnotify: fix wrong lockdep annotations. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.121 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/06/28 7:14 p.m., 8 views

GSD-2022-1003426 fsnotify: fix wrong lockdep annotations

fsnotify: fix wrong lockdep annotations. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.46 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/06/28 6:48 p.m., 8 views

GSD-2022-1003134 fsnotify: fix wrong lockdep annotations

fsnotify: fix wrong lockdep annotations. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/06/28 6:19 p.m., 3 views

GSD-2022-1002799 fsnotify: fix wrong lockdep annotations

fsnotify: fix wrong lockdep annotations. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...

AI score 7.2
Exploits 0

CNNVD
added 2022/06/20 12:0 a.m., 2 views

InvenTree Resource Management Error Vulnerability

InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A denial of service vulnerability exists in InvenTree versions prior to 0.8.0 that stems from the annotations feature not including a character...

CVSS 7.1, AI score 5.7, EPSS 0.00788
Exploits 1, References 3

Cvelist
added 2022/06/01 11:25 p.m., 36 views

CVE-2022-29236 Improper access control for pencil annotations in BigBlueButton

BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced gra...

CVSS 4.3, AI score 4.8, EPSS 0.00809
Exploits 0, References 5

OSV
added 2022/05/24 5:8 p.m., 0 views

GHSA-QVMF-36H5-3F5V Improper Input Validation in Jenkins Script Security Plugin

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

CVSS 8.8, AI score 5.9, EPSS 0.01257
Exploits 0, References 4

Github Security Blog
added 2022/05/24 5:8 p.m., 13 views

Improper Input Validation in Jenkins Script Security Plugin

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

CVSS 8.8, AI score 8.2, EPSS 0.01257
Exploits 0, References 5, Affected Software 1

Github Security Blog
added 2022/05/24 5:0 p.m., 36 views

kube-state-metrics may expose secret content in metrics

A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...

CVSS 6.5, AI score 0.1, EPSS 0.0178
Exploits 1, References 8, Affected Software 1