CVE-2022-23051
PeteReport Version 0.5 contains an authenticated-admin Cross-Site Scripting (XSS) vulnerability: by modifying the svg_file parameter while adding an Attack Tree, an admin can inject persistent JavaScript. The issue stems from lack of filtering/escaping of user data. Affected product appears to be...
CVE-2022-0265 Improper Restriction of XML External Entity Reference in hazelcast/hazelcast
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1...
CVE-2022-21656
CVE-2022-21656 concerns Envoy. The connected sources describe a type-confusion bug in the default_validator.cc handling of subjectAltNames that can allow rfc822Name or URI names to be treated as domain names, bypassing nameConstraints from OpenSSL/BoringSSL and enabling impersonation of upstream ...
Cross-site Scripting in Prism
Impact Prism's Command line plugin can be used by attackers to achieve an XSS attack. The Command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Li...
USN-5293-1: c3p0 vulnerability
Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could cause a denial of service...
8x8 Bounty: admin.8x8.vc: Member users with no permission can integrate email to connect calendar via GET /meet-external/spot-roomkeeper/v1/calendar/auth/init?..
An improper access control vulnerability was discovered on the admin section of 8x8's video conferencing platform. Member users with no permission were able to exploit this vulnerability to integrate their email and connect their calendar to the platform. This allowed them to access areas they we...
CVE-2022-0614 Use of Out-of-range Pointer Offset in mruby/mruby
Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2...
CVE-2022-24112 apisix/batch-requests plugin allows overwriting the X-REAL-IP header
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...
CVE-2022-0554
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2...
CVE-2022-23627
CVE-2022-23627 concerns ArchiSteamFarm (ASF). A bug in ASF v5.2.2.2 fails to properly verify the user’s access when issuing proxy commands between bots (A vs B), allowing access to resources beyond what was configured if an attacker already controls at least one bot in the process. The issue impa...
Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
A high-severity security vulnerability in Argo CD can enable attackers to access targets’ application-development environments, paving the way for stealing passwords, API keys, tokens and other sensitive information. Argo CD is a continuous-delivery platform deployed as a Kubernetes controller in...
SUSE-SU-2022:0288-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2021-4083: Fixed a race condition in Unix domain socket garbage collection that could lead to a read of memory after free (bsc#1193727). - CVE-2021-4135: Fixed an...
Mageia: Security Advisory (MGASA-2019-0270)
The remote host is missing an update for the...
CVE-2021-46102
From version 0.2.14 to 0.2.16 of Solana rBPF, the function "relocate" in the file src/elf.rs has an integer overflow bug because sym.st_value is read directly from the ELF file without checking. If sym.st_value is rather large, an integer overflow is triggered while calculating the variable "addr"...
FetLife: Race condition in endpoint POST fetlife.com/users/invitation allows an attacker to generate unlimited invites
This report describes the same bug as 1455487. I rewrite this bug here to make the report clearer. I will self-close 1455487 right now. Description: The Invite Your Friend to Join FetLife feature is vulnerable to a race condition. By sending many requests at the same time to endpoint POST...
Apache ShenYu access control error vulnerability
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway. An access control error vulnerability exists in Apache ShenYu versions 2.4.0 and 2.4.1. An attacker can exploit this vulnerability to access the /plugin API without authentication, compromising system...
in vim/vim
Description: A heap-based OOB read of size 4 occurs when a user tries to open a vim session file specified below. This happens regardless of any command line options that could be specified to restrict vim, such as -Z and -m. This bug has been found on the default vim build at the latest commit hash...
Critical Cisco Contact Center Bug Threatens Customer-Service Havoc
A critical security bug affecting Cisco's Unified Contact Center Enterprise (UCCE) portfolio could allow privilege escalation and platform takeover. Cisco UCCE is an on-premises customer-service platform capable of supporting up to 24,000 customer-service agents using channels that include inbound...
CVE-2022-23134
After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators but by unauthenticated users as well. A malicious actor can pass the step checks and potentially change the configuration of the Zabbix Frontend...
Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft
Remote Desktop Protocol (RDP) pipes have a security bug that could allow any standard, unprivileged Joe-Schmoe user to access other connected users' machines. If exploited, it could lead to data-privacy issues, lateral movement and privilege escalation, researchers warned. Insider attackers could,...