Streamlink has an arbitrary local file read via file:// URI in HLS and DASH

Summary Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file as a segment, and streamlink will read that local file and write its contents to the output stream...

GHSA-HGQW-6M45-HW5F Streamlink has an arbitrary local file read via file:// URI in HLS and DASH

Summary Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file as a segment, and streamlink will read that local file and write its contents to the output stream...

OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream

Summary OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control...

U.S. Dept Of Defense: Debug Info disclose

A debug information disclosure vulnerability was discovered. The vulnerability allowed the disclosure of debug output information through a specific request parameter. The vulnerability has been reported but no further details are provided...

Design/Logic Flaw

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values...

CVE-2020-35611

CVE-2020-35611 affects Joomla! 2.5.0 through 3.9.22. The global configuration page outputs secrets in the HTML, disclosing current values due to a misconfiguration. Impact is information disclosure of sensitive configuration data. Remediation: update to a version that removes secrets from the HTM...

Joomla 1.7.x < 3.9.23 Multiple Vulnerabilities (5828-joomla-3-9-23)

According to its self-reported version, the instance of Joomla! running on the remote web server is 1.7.x prior to 3.9.23. It is, therefore, affected by multiple vulnerabilities. - The autosuggestion feature of comfinder did not respect the access level of the corresponding terms. - The global...