4 matches found
CVE-2022-21649
Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...
GHSA-J4JW-M6XR-FV6C Soft Serve vulnerable to path traversal attacks
Impact: A path traversal attack lets existing non-admin users access and take over other users' repositories. A malicious user can then modify, delete, and arbitrarily repositories as if they were an admin user without explicitly giving them permissions. Patches: This is patched in v0.8...
Fedora 36 : rust-bat / rust-cargo-c / rust-exa / rust-git-delta / rust-gitui / etc (2023-3ec32f6d4e)
The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-3ec32f6d4e advisory. This update contains rebuilds of all Rust applications against versions of the libgit2-sys crate that ship fixes for CVE-2022-24765 and CVE-2022-291...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, China. Huawei HarmonyOS is vulnerable to a multi-user setup issue. An attacker could exploit this vulnerability to compromise confidentiality...