Jitsi Meet 安全漏洞

Jitsi Meet is a set of open source projects from Jitsi Open Source. Enabling users to use and deploy a video conferencing platform with state-of-the-art video quality and features. A security vulnerability previously existed in Jitsi Meet version 2.0.9779, which arose from the fact that the abili...

GHSA-3HFQ-CX9J-923W Attacker can cause Kyverno user to unintentionally consume insecure image

An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno fetch their images from. The attacker could then return a vulnerable image to the the user and leverage th...

CVE-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

CVE-2022-25275

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...

CVE-2020-12422

In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 78...