1779 matches found
GHSA-F3FP-GC8G-VW66 Default inheritable capabilities for linux container should be empty
Impact: A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bu...
Flarum mishandles invalidation of user email tokens
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens...
Path Traversal
🔒️ Requirements Privilege: User 📝 Description File path isn't properly sanitized and allow ... 🕵️♂️ Proof of Concept Listing other user folder content First, create a user with Read privilege and with specific home folder like /test. Then, connect to his account and access the home page...
Acronis Cyber Protect Injection Vulnerability
Acronis Cyber Protect is an application that provides unified protection for your network by integrating backup, disaster recovery, artificial intelligence-based malware protection, remote assistance and security into a single, reliable tool. Acronis Cyber Protect 15 (Linux, Windows) suffers from a...
Integer Overflow or Wraparound in libxml2 affects Nokogiri
Summary Nokogiri v1.13.5 upgrades the packaged version of its dependency libxml2 from v2.9.13 to v2.9.14. libxml2 v2.9.14 addresses CVE-2022-29824. This version also includes several security-related bug fixes for which CVEs were not created, including a potential double-free, potential memory...
CVE-2022-29162
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...
Path Traversal in WellKnownServlet
Description: The WellKnownServlet is vulnerable to path traversal. This allows reading local files. For example, the files in WEB-INF that contain secrets and API keys can be read. https://github.com/jgraph/drawio/blob/v18.0.4/src/main/java/com/mxgraph/online/WellKnownServlet.java#L40-L66 java Strin...
GHSA-3GV7-3H64-78CM Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. Thi...
GHSA-674J-7M97-J2P9 curl FTP path confusion leads to NIL byte out of bounds write
curl can be coerced into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only issue a single CWD command (--ftp-method singlecwd or the libcurl alternative CURLOPT_FTP_FILEMETHOD). curl then URL-decodes the given path, calls strlen ...
Matrix Synapse Security Filtering Flaw
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly...
WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF
The plugin does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged-in user into manipulating ads and injecting arbitrary JavaScript by submitting a form. alert'boo!'" document.getElementById"test".submit;...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...
cookie for trailing dot TLD
libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the hostname is provided with a trailing dot. curl can be told to receive and send cookies when communicating using HTTPS. curl's "cookie engine" can be built with or without Public Suffix List awareness. If PSL support n...
Moderate: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
ALSA-2022:1988 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083); kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404); kernel: speculation on...
setroubleshoot bug fix and enhancement update
An update is available for setroubleshoot. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...
RLSA-2022:1898 Moderate: fapolicyd security, bug fix, and enhancement update
Fapolicyd (File Access Policy Daemon) implements application whitelisting to decide file access rights. Applications that are known via a reputation source are allowed access while unknown applications are not. The daemon makes use of the kernel's fanotify interface to determine file access rights...
Incorrect Default Permissions in CRI-O
Impact: A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2)...
CVE-2022-1437 Heap-based Buffer Overflow in radareorg/radare2
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash...
CVE-2022-1437
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash...